How does IBackup secure my data?

Files and folders in your online storage account are safe and secure on our servers. Use any IBackup applications like desktop client, web-manager etc for secure data backup. Your files and folders are transferred and stored using industry standard 256-bit AES encryption - ideal for higher security needs of Financial, Healthcare and Government organizations.

WARNING: IBackup does not store your Private encryption key on its servers. It is recommended that you archive it safely to backup and restore your data. However, you do not have to remember in case you opt for the Default encryption key.

Can I change my Private encryption key for an existing IBackup account?

Yes. On resetting your existing account, you can change the private encryption key assigned to your account.

Note: Resetting your account permanently deletes all your backed up files and folders. If you have opted for local backup, you will lose access to the locally backed up files, so delete them before resetting your account.

Before I login via browser, the site does not show pad-lock related to SSL encryption. Is my login secure?

Once you enter your Username and Password, subsequent communication uses 128-bit SSL encryption for transfer including the username/password portion, and others cannot view the information as clear text. You will see the pad-lock sign once you login. However, when you just navigate to http://www.ibackup.com, the site is not secure as with almost any site on simple navigation.

Where is IBackup data stored?

The IBackup applications and data are hosted at multiple world-class data center locations. The data centers provide the physical environment necessary to keep the servers up and running 24x7. These world-class facilities are custom designed with raised floors, HVAC temperature control systems with separate cooling zones, and seismically braced racks. They offer the widest range of physical security features, including state-of-the-art smoke detection and fire suppression systems, motion sensors, and 24x7 secured access, as well as video camera surveillance and security breach alarms.

What is Shellshock? Is IBackup affected by it?

Shellshock, also known as Bashdoor, is a family of security bugs existing in the widely used Bash Unix shell. To date, 6 CVE's regarding Shellshock have been filed, the first of which was disclosed on September 24, 2014. Many Internet daemons, such as web servers, use Bash to process certain commands. The Shellshock bug lets attackers cause vulnerable versions of Bash to execute arbitrary commands, allowing them to gain unauthorized access to a computer system. For more information, you may refer the Wikipedia article regarding Shellshock.

Our security team has verified that IBackup services are not affected by this security vulnerability. We nonetheless applied the necessary patches to all external and internal systems. We've also verified that our software is not susceptible to Shellshock. Our users are completely secure from this bug, and need not update or take other action to avoid it.

I am trying to login to my account, but it is taking me through a two-step process to login. Why?

IBackup, like many other services in the recent past, has been a target for password re-use attack. To ensure security, we have turned on two-step authentication, where the user needs to verify their email address in addition to the standard username and password.