Online Backup Security & Encryption
Backing up, accessing, and restoring your data has never been easier. Our goal is to keep your data safe without sacrificing the user experience.
Backing up, accessing, and restoring your data has never been easier. Our goal is to keep your data safe without sacrificing the user experience.
Included with Backblaze
You can restore older versions or deleted files for 30 days.
Enable for free
You can restore older versions or deleted files for one year.
Restore old versions or deleted files forever.
Learn more about setting up Extended Version History with Business Groups.
Our goal is to keep your data safe while making the online backup and restore of your data easy. You do not need to know anything about encryption to know the data you backup online is safe. At the same time, you should be able to easily add an additional layer of privacy without making Backblaze difficult to use. Here’s an overview of how we use encryption to secure your files. If you want to dig into the details you can read our blog post “How to make strong encryption easy to use.”
When you use Backblaze, data encryption is built in. Files scheduled for backup are encrypted on your machine. These encrypted files are then transferred over a secure SSL (https) connection to a Backblaze datacenter where they are stored encrypted on disk. We use a combination of proven industry standard public/private and symmetric encryption methods. To a Backblaze customer, all of this is invisible and automatic.
Upon arriving at a Backblaze datacenter, your data is assigned to one or more Storage Pods where it is stored encrypted. Access to your data is secured by your Backblaze account login information (your email address and password). When you provide these credentials, your private key is used to decrypt your data. At this point you can view your file/folder list and request a restore as desired.
New: Backblaze has enabled two-factor authentication. Now a 6-digit code can be sent to your phone during sign-in for an extra layer of security.
When you request a data restore, we do what is known as a cloud restore. This simplifies the data restoration process. For example, let’s assume your hard drive crashes and you get a new hard drive or even a new computer. To restore your data, you first log in to Backblaze using a web browser. Then, you can request a restore of your data. You do not have to install Backblaze to get your data back. To make this work, we decrypt your data on our secure restore servers. Then, we then zip it and send it over an encrypted SSL connection to your computer. Once it arrives on your computer, you can unzip it and you have your data back.
You have the option with Backblaze to add an additional layer of privacy via a user-selected passphrase. This passphrase will be used to encrypt your private key. This passphrase is your responsibility to remember and safeguard. This is important: if you forget or lose this passphrase there is no way that anyone, including Backblaze, can decrypt, and thus restore, your data. When you choose to add your own passphrase there is no “forgot passphrase” mechanism as Backblaze does not know your passphrase.
The data restoration process is a cloud restore, similar to the process previously described but with a few differences. To decrypt your data, you are required to enter your passphrase on our secure website. When you do so, it is passed over an encrypted connection to our datacenter where it is used to decrypt your private key, which in turn is used to decrypt your data. Your passphrase is never saved on disk and it is discarded once it is used. As before, once we decrypt your data on our secure restore servers we then zip it and send it over an encrypted SSL connection to your computer. Once it arrives on your computer, you can unzip it and you have your data back.
When you request a restore, we locate and assemble a copy of your data on a secure restore server in our datacenter. Once we have sent you your restore data, you can choose to delete it immediately from the restore server or let it be automatically deleted after seven days. Of course the original copy of your encrypted data remains stored safely away in the datacenter.