Password Recovery Service
MSP360 Managed Backup offers a tool that allows to recover backup passwords (encryption passwords for backup plans). Without this service lost or forgotten encryption passwords cannot be recovered so encrypted backups cannot be restored.
Password recovery management is available only at the provider level. This feature requires Two-Factor Authentication (2FA). All actions must be confirmed by two-factor verification codes.
Password Recovery Service can be enabled by provider in Management Console. The provider owns the private password recovery key to recover backup encryption passwords. Thus, if a backup password is lost, an administrator contacts the provider for assistance.
If provider loses their private encryption keys generated for the password recovery service, this key cannot be anyhow recovered. In this regard, be as careful as possible with the private encryption key and keep it in a safe place.
Password Recovery Considerations
To manage password recovery, Two-Factor Authentication must be enabled and an associated authenticator application should be available.
Backup Password Recovery does not support backup plans in the legacy backup format
This service is applicable for the following backup plans:
- All new backup plans created after the backup password recovery service is enabled
- Existing backup plans after the first full backup with Backup Password Recovery service enabled. You can force a full backup for existing backup plans to apply the Backup Password Recovery to them
Recovery Key Pair
The provider's password recovery key pair is generated in the Management Console at the moment the password recovery service is enabled.
The public recovery key is kept in Managed Backup in the provider settings and is transmitted to the Backup Agent via API tools.
The private recovery key at the time of generation will be displayed in the Management Console only once. The private key can be copied to the clipboard or saved as a text file. Managed Backup does not keep private keys: private keys must be kept by the provider. The provider will not be able to recover backup encryption passwords without the private recovery key.
Enable Password Recovery Service
To enable the Backup Password Recovery service, proceed as follows:
- Open Management Console and log in as the provider.
- In the Settings menu, select Password Recovery.
- On the Backup Password Recovery side pane, enable the Backup Password Recovery service.
- Save the private password recovery key to a text file or copy it using a clipboard. In the latter case, it is recommended to add a timestamp to the file name to identify the recovery key.
- Once you saved the key to a safe place, select I acknowledge that I will not be able to recover encryption passwords without the recovery key... check box, then click Enable.
- Enter the 2FA verification code to confirm this action. Taking into account that any operations with passwords pose an increased risk, all actions must be confirmed with two-factor authentication codes.
Recover Backup Password in Management Console
To recover the backup encryption password for restore purposes, proceed as follows:
- Open Management Console and log in as a provider.
- In the Computers menu, select Remote Management.
- Find the required computer, then click the gear icon.
- Select Show Plans.
- Click +.
- In the Restore group, select the restore plan type.
- On the Encryption Options step, click Password Recovery.
- Enter the 2FA verification code to confirm this action.
- Enter the requested recovery key. The recovered password appears in the Encryption password field.
Disable Password Recovery Service
To disable the Backup Password Recovery service, proceed as follows:
- Open Management Console and log in as the provider.
- In the Settings menu, select Password Recovery.
- On the Backup Password Recovery side pane, turn off the Backup Password Recovery service.
- Confirm the disabling of the Backup Password Recovery service.
- Enter the 2FA verification code to confirm this action.