Security
- How does IBackup secure my data?
- Can I change my Private encryption key for my existing IBackup account?
- Before I login via browser, the site does not show pad-lock related to SSL encryption. Is my login secure?
- Where is IBackup data stored?
- What is Shellshock? Is IBackup affected by it?
- Will I be asked to share confidential information?
- What is two-factor authentication?
- How do I set up two-factor authentication for my IBackup account?
- How do I set up two-factor authentication for my IBackup account with Time-based OTP authentication?
- Which time-based OTP authenticator apps are supported by IBackup?
- Can I disable two-factor authentication via Time based OTP authentication for my IBackup account, in case I lose access to my mobile device?
- I am unable to receive the SMS containing OTP for two-factor authentication. What should I do?
- As an admin, can I enable two-factor authentication for my users?
- How do I disable two-factor authentication for my IBackup account?
- Is IBackup FIPS compliant?
- Does IBackup provide a HIPAA Business Associate Agreement (BAA)?
How does IBackup secure my data?
Files and folders in your online storage account are safe and secure on our servers. Use any IBackup application, such as the desktop client or web manager, for secure data backup. Your files and folders are transferred and stored using industry-standard 256-bit AES encryption - ideal for the higher security needs of Financial, Healthcare and Government organizations.
WARNING: IBackup does not store your Private encryption key on its servers. It is recommended that you archive it safely so that you can back up and restore your data. However, you do not have to remember it if you opt for the Default encryption key.
Can I change my Private encryption key for an existing IBackup account?
Yes. On resetting your existing account, you can change the private encryption key assigned to your account.
Note: Resetting your account permanently deletes all your backed up files and folders. If you have opted for local backup, you will lose access to the locally backed up files, so delete them before resetting your account.
Before I login via browser, the site does not show pad-lock related to SSL encryption. Is my login secure?
Once you enter your Username and Password, subsequent communication, including the username/password portion, is transferred using 128-bit SSL encryption, and others cannot view the information as clear text. You will see the pad-lock sign once you log in. However, when you simply navigate to http://www.ibackup.com, the site is not secure, as is the case with almost any site on simple navigation.
Where is IBackup data stored?
The IBackup applications and data are hosted at multiple world-class data center locations. The data centers provide the physical environment necessary to keep the servers up and running 24x7. These world-class facilities are custom designed with raised floors, HVAC temperature control systems with separate cooling zones, and seismically braced racks. They offer the widest range of physical security features, including state-of-the-art smoke detection and fire suppression systems, motion sensors, and 24x7 secured access, as well as video camera surveillance and security breach alarms.
What is Shellshock? Is IBackup affected by it?
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Bash Unix shell. To date, 6 CVEs regarding Shellshock have been filed, the first of which was disclosed on September 24, 2014. Many Internet daemons, such as web servers, use Bash to process certain commands. The Shellshock bug lets attackers cause vulnerable versions of Bash to execute arbitrary commands, allowing them to gain unauthorized access to a computer system. For more information, you may refer to the Wikipedia article regarding Shellshock.
Our security team has verified that IBackup services are not affected by this security vulnerability. We nonetheless applied the necessary patches to all external and internal systems. We've also verified that our software is not susceptible to Shellshock. Our users are completely secure from this bug, and need not update or take other action to avoid it.
Will I be asked to share confidential information?
We will never call you asking for login information, requesting payment or any other sensitive information. However, if you do receive a call of this nature, it is probably a phishing attempt. Do not share any information, and immediately contact us at support@ibackup.com so that we can provide timely assistance.
What is two-factor authentication?
Two-factor authentication provides additional security to your account and helps in preventing unauthorized access. Once two-factor authentication is enabled via web, in addition to your password, you will need to enter a verification code sent to your email address or phone number, or generated by your Time-based OTP authenticator app, while signing in to your IBackup account. Read more on how to enable two-factor authentication for your IBackup account.
How do I set up two-factor authentication for my IBackup account?
The two-factor authentication process enhances the security of your account and prevents access by unauthorized parties. Once two-factor authentication is enabled, in addition to your password, you will need to enter a verification code sent to your registered email address or phone number, while signing in to your IBackup account.
To enable two-factor authentication,
- Sign in to your IBackup account via web browser and click your username at the top-right of the screen.
- Click 'Account' and then select 'Two-factor authentication'.
- In the 'Two-factor authentication' section, click 'Enable'.
- Select 'Email Address', 'Phone Number' or 'Time-based OTP authentication' as your preferred method of receiving the one-time verification code and click 'Confirm'. If you have chosen 'Phone Number', enter the same and click 'Send Code'. Click here to know how to set up via Time-based OTP Authenticator app.
- Enter the verification code sent to your registered email address or phone number and click 'Verify & Enable'. A message is displayed to indicate two-factor authentication is successfully enabled.
To sign in after two-factor authentication is enabled,
- On the Sign in screen, enter your username and password and click 'Sign in'.
- You will be prompted to enter a verification code sent to your email address or phone number.
- Enter the code and click 'Verify'.
How do I set up two-factor authentication for my IBackup account with Time-based OTP authentication?
To configure two-factor authentication for your IBackup account with the Time-based OTP authentication method, you will need to enter a verification code generated by the Time-based OTP authenticator app installed on your mobile device.
Once two-factor authentication is enabled, in addition to your password, you will need to enter a verification code generated by the Time-based OTP authenticator app installed on your mobile device while signing in to IBackup.
To configure two-factor authentication with the Time-based OTP authenticator app:
- Sign in to your IBackup account via web browser and click your username at the top-right of the screen.
- Click 'Account' and then select 'Two-factor authentication'.
- In the 'Two-factor authentication' section, click 'Enable'.
- Select 'Time-based OTP authentication' as your preferred method of receiving the one-time verification code and click 'Confirm'. See supported TOTP apps.
This will open the 'Enable time-based OTP authentication' window.
- Install and launch any Time-based OTP authenticator app on your mobile device and scan the QR code displayed on your computer screen. Alternatively, you can also view the key by clicking on 'enter key manually' and type it manually on your mobile device and click 'Next'.
- Copy and save the recovery code displayed on your computer screen securely or click 'Download' to download and save as a .txt file. Click 'Continue'.
Note: You will require the recovery code to deactivate two-factor authentication for your account, in case you lose access to your mobile device where the Time-based OTP Authenticator app is installed.
- Enter the one-time code generated by the Time-based OTP Authenticator app in your mobile device and click 'Enable'.
To sign in after two-factor authentication is enabled with Time-based OTP Authenticator,
- On the Sign in screen, enter your username and password and click 'Sign in'.
- You will be prompted to enter the one-time code generated by the Time-based OTP Authenticator app in your mobile device.
- Enter the code and click 'Submit Code'.
Which time-based OTP authenticator apps are supported by IBackup?
IBackup supports the following Time-based OTP authenticator apps:
- Google Authenticator (Android/iPhone/BlackBerry)
- Duo Mobile (Android/iPhone)
- Microsoft Authenticator (Android/iPhone/Windows Phone 7)
- Okta Verify (Android/iPhone)
- Any other authentication app that supports the time-based one-time password (TOTP) protocol or is compatible with Google Authenticator.
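Why any compatible app works: the QR code or manually entered key is a shared secret, and each app derives the code from that secret and the current time using the standard TOTP algorithm (RFC 6238). The sketch below is an added example, not IBackup's code; it assumes the defaults Google Authenticator uses (HMAC-SHA1, 30-second step, 6 digits), and the sample key is constructed from the RFC 6238 test secret.

```python
import base64
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def decode_key(manual_key: str) -> bytes:
    """Decode a Base32 key as typed by hand: spaces, lower case, no padding."""
    cleaned = manual_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding stripped for display
    return base64.b32decode(cleaned)


def totp(manual_key: str, unix_time: int, step: int = 30) -> str:
    """What the authenticator app displays at unix_time."""
    return hotp(decode_key(manual_key), unix_time // step)


def verify(manual_key: str, submitted: str, unix_time: int,
           drift_steps: int = 1, step: int = 30) -> bool:
    """Service-side check: accept the current step +/- drift_steps for clock skew."""
    key = decode_key(manual_key)
    current = unix_time // step
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = hotp(key, current + delta)
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(candidate.encode(), submitted.encode())
    return ok


# Constructed sample key: Base32 of the RFC 6238 test secret "12345678901234567890".
SAMPLE_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    import time
    print("current code:", totp(SAMPLE_KEY, int(time.time())))
```

Because the code depends only on the key and the clock, a phone with a badly wrong clock produces codes the service rejects, and anyone who obtains the key can generate valid codes.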
Can I disable two-factor authentication via Time based OTP authentication for my IBackup account, in case I lose access to my mobile device?
Yes, you can disable two-factor authentication via Time based OTP authentication for your IBackup account.
To disable,
- Navigate to IBackup sign in screen, enter your username and password, and click 'Sign in'.
- In the verification code screen that appears, click the link 'I can't access my code'.
This will open the ‘Deactivate Time-based OTP authentication’ window.
- Enter your password. In the 'Recovery Code' field, enter the recovery code generated while activating two-factor authentication via Time-based OTP Authenticator for your IBackup account.
- Click 'Deactivate'.
The two-factor authentication via Time based OTP authentication will be disabled for your IBackup account.
I am unable to receive the SMS containing OTP for two-factor authentication. What should I do?
During the two-factor authentication process, if you are unable to receive the SMS containing the OTP, you can choose to receive the verification code via email address.
To receive verification code via email address, click 'Receive verification code on your email address' in the two-factor authentication page.
A code will be sent to the registered email address. You can use this code to complete the verification process.
As an admin, can I enable two-factor authentication for my users?
When you enable two-factor authentication for your IBackup account, 2FA will be enabled for all the users associated with it, by default.
Once two-factor authentication is enabled by the admin, on the first sign in, users will be asked to choose a method (Email, SMS or Time-based OTP authentication) for receiving the one-time code. Once they verify the credentials via OTP, the configuration process will be complete.
During all subsequent sign-ins, users will need to enter the code sent to their registered email address or phone number, or the code displayed in their time-based OTP authenticator app. To change the method of receiving OTP, users can go to 'Account' > 'Two-factor authentication' and update the preferences from Email Address, Phone Number or Time-based OTP authentication.
How do I disable two-factor authentication for my IBackup account?
To disable two-factor authentication for your account,
- Sign in to your IBackup account and click your username at the top-right of the screen.
- Click 'Account' and then select 'Two-factor authentication'.
- In the 'Two-factor authentication' section, click 'Disable'.
The two-factor authentication will be disabled for your IBackup account and associated users.
Is IBackup FIPS compliant?
IBackup assists users in achieving compliance with the benchmarks laid out under the Federal Information Processing Standards (FIPS) validation for cryptographic products/software used in the USA. IBackup uses FIPS approved encryption algorithms and adheres to physical security.
Does IBackup provide a HIPAA Business Associate Agreement (BAA)?
IBackup assists organizations in the healthcare industry in staying compliant with the benchmarks laid out under HIPAA. IBackup also supports the federal mandates of SOX, GLBA, and SEC/FINRA.
Read our Compliance Statement >
Place your request for your Business Associate Agreement (BAA) >