About recovery point encryption

You can enhance the security of your data by using the Advanced Encryption Standard (AES) to encrypt recovery points that you create or archive. You should use encryption if you store recovery points on a network and want to protect them from unauthorized access and use.

You can also encrypt recovery points that were created with earlier versions of Symantec LiveState Recovery or Backup Exec System Recovery. However, encrypting those files makes them readable with the current product only.

You can view the encryption strength of a recovery point at any time by viewing the properties of the file from the Recovery Point Browser.

Encryption strengths are available in 128-bit, 192-bit, or 256-bit. While higher bit strengths require longer passwords, the result is greater security for your data.

The following table explains the bit strength and required password length.

Table: Password length

You must provide the correct password before you can access or restore an encrypted recovery point.

Warning:
Store the password in a secure place. Passwords are case sensitive. When you access or restore a recovery point that is password encrypted, Backup Exec System Recovery prompts you for the case-sensitive password. If you do not type the correct password or you forget the password, you cannot open the recovery point.

Symantec Technical Support cannot open an encrypted recovery point.

Besides bit strength, the format of the password can improve the security of your data.

For better security, passwords should use the following general rules:

• Do not use consecutive repeating characters (for example, BBB or 88).

• Do not use common words you would find in a dictionary.

• Use at least one number.

• Use both uppercase and lowercase alpha characters.

• Use at least one special character such as ({}[],.<>;:’"?/|\`~!@#$%^&*()_-+=).

• Change the password after a set period of time.