
Best practices to store your backup

All backup methods require both a decryption key and the backup snapshot file to perform recovery. This dual requirement provides an additional layer of security.

For availability:

  • Regularly verify you have access to both your backup snapshot and decryption key/phrases
  • Download and store an offline copy of the recovery tool and the recovery guide

For security:

  • Ensure backup components (recovery phrases, private keys, or third-party access) are securely stored
  • Limit access to backup snapshots to only authorized personnel
  • Periodically review who has access to backup components

Use the latest backup snapshot

In addition to the backups that you initiate, Fordefi regularly sends you an encrypted backup snapshot over email. The backup snapshot contains the encrypted MPC shares and the data about all the vaults in your workspace. For each vault, the snapshot contains its name, address, and, most importantly, its derivation path.

Whenever you create a new vault, Fordefi generates an up-to-date backup snapshot, which contains the information of the new vault, and sends it to you. The encrypted MPC shares are the same in all your backup snapshots (apart from the case where you import new keys into your workspace).

When you run the recovery tool, the tool first reconstructs the master private key from the encrypted MPC shares, and then uses the additional vault information from the snapshot to derive the private key of each of the vaults in your workspace from the master key.

  • On the one hand, having an up-to-date backup snapshot is recommended, since it allows automatic recovery of all your vaults. Therefore, we recommend that you store the updated snapshot files sent to you over email (as opposed to, for example, only downloading the backup snapshot once).
  • On the other hand, having an up-to-date backup snapshot is not critical, in the sense that even if you only have an older version of the backup snapshot, you can still recover your private keys by manually providing the derivation path of each vault. Even if you don't have the derivation paths, they can be easily enumerated, since they follow a predictable pattern. Learn more about manually deriving vault private keys.

Change the backup email address

From time to time, an organization may want to change the email address to which backups are sent.

When an organization creates a backup of its private keys, a recovery email address must be specified.

Follow these steps to change the email address:

  1. Open the Fordefi web console.

  2. In the side menu, click Settings, then click the Backup tab.

  3. In the section Set the backup email address, click Change backup email.

  4. Enter a new backup email address and click Save.

    The email change has the following results:

    • An updated backup snapshot of the data and an encrypted copy of the organization's private key are sent as a .json file to the new backup email address.

      Opening the .json file requires the combined recovery phrase of the designated admins.

    • A change backup email request is sent to the mobile device of the person who changed the backup email. When that person taps Verify, a message is displayed confirming that the backup email was successfully changed.


Recovery Key Holder Departures

When a recovery key holder leaves your organization, it's critical to address the security implications immediately. Recovery key holders are designated admins who hold recovery phrases that are required to decrypt your organization's backup files.

Immediate Action Required

If a recovery key holder leaves your organization, you should take immediate action to ensure your backup security is maintained.

What happens when a recovery key holder leaves

When a recovery key holder departs from your organization:

  • Security risk: The departing key holder retains access to their recovery phrase, which could potentially be used to access your organization's private keys if they collude with other backup holders and have access to the backup snapshot file
  • Availability risk: Your organization may lose the ability to recover from backup if you don't have enough remaining key holders (Fordefi requires at least two recovery key holders)

Immediate actions to take

Immediate actions:

  • Remove the departing user from your organization using the Remove a User process
  • Ensure the departing user no longer has access to backup snapshots by changing the backup email address, removing them from the mailing list if you used one for the backup email, or revoking their access to shared drives where backup snapshots are stored

Availability assessment: Evaluate whether your remaining recovery key holders can still provide the necessary access to your backup files. If you no longer have enough key holders, contact Fordefi Support to reset your backup so you can designate new recovery key holders.

Security assessment: Consider whether you have concerns about departing key holders potentially colluding to access your backup. If you do have security concerns, it's important to understand that there is no way to invalidate existing backup snapshots. The only way to prevent potential collusion is to migrate to a new Fordefi workspace with fresh keys. If you need to migrate due to security concerns, contact Fordefi Support for guidance.
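
An added example, not part of Fordefi's documentation or tooling: the availability and security assessments above written as an offboarding check in Python. The Holder record, its fields, the sample roster and the phrases_needed quorum are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_KEY_HOLDERS = 2  # from the page: at least two recovery key holders


@dataclass(frozen=True)
class Holder:                  # hypothetical record, one per recovery key holder
    name: str
    departed: bool             # has left the organization
    access_now: bool           # still reaches the backup mailbox, list or drive
    ever_had_snapshot: bool    # ever received or downloaded a snapshot file


def assess_departure(holders, phrases_needed=MIN_KEY_HOLDERS):
    """Return (kind, detail) findings for an offboarding review.

    phrases_needed is an ASSUMPTION: the number of recovery phrases that
    must be combined to decrypt a snapshot in your workspace.
    """
    remaining = [h for h in holders if not h.departed]
    departed = [h for h in holders if h.departed]
    findings = []

    # Availability: too few remaining holders to recover from backup.
    if len(remaining) < max(MIN_KEY_HOLDERS, phrases_needed):
        findings.append(("availability", "reset backup, designate new holders"))

    # Departed users must lose every current route to snapshot files.
    for h in departed:
        if h.access_now:
            findings.append(("revoke-snapshot-access", h.name))

    # Collusion: phrases stay with their holders and old snapshots cannot be
    # invalidated, so past access counts even after it has been revoked.
    if len(departed) >= phrases_needed and any(h.ever_had_snapshot for h in departed):
        findings.append(("collusion", "consider migrating to a new workspace"))
    return findings


# Constructed sample roster, not real data.
ROSTER = [
    Holder("alice", departed=False, access_now=True, ever_had_snapshot=True),
    Holder("bob", departed=True, access_now=True, ever_had_snapshot=True),
    Holder("carol", departed=True, access_now=False, ever_had_snapshot=False),
]

if __name__ == "__main__":
    for kind, detail in assess_departure(ROSTER):
        print(f"{kind}: {detail}")
```

An empty result means none of the three conditions applies to the roster; it does not replace the periodic access review recommended earlier on this page.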

Backup reset limitations

Resetting your backup does not invalidate old backups. If you have security concerns about departing key holders, consider workspace migration.

Contact Support

If you have concerns about a departing recovery key holder or need assistance with backup security, contact Fordefi Support immediately.