Encryption Best Practices

To guarantee the flawless process of data encryption and decryption, consider the following advice.

Password

  1. Use strong passwords that are hard to crack or guess. Consider the following recommendations:
  1. The password must be at least 8 characters long.
  2. The password must contain uppercase and lowercase characters.
  3. The password must be a mixture of alphabetic, numeric and punctuation characters.
  4. The password must significantly differ from the password you used previously.
  5. The password must not contain any real information related to you, for example, date of birth, your pet’s name, your logon name and so on.
  1. Provide a meaningful hint for the password that will help you recall the password. The hint for the password must significantly differ from the password itself. The hint for the password is displayed when you select an encrypted backup server and attempt to unlock it.
  2. Change passwords for encrypted jobs regularly. Use of different passwords helps increase the encryption security level.

Encryption for Existing Job

If you enable encryption for an existing job, during the next job session Veeam Agent will create active full backup. The created full backup file and subsequent incremental backup files in the backup chain will be encrypted with the specified password.

Encryption is not retroactive. If you enable encryption for an existing backup job, Veeam Agent does not encrypt the previous backup chain created with this job. However, Veeam Agent encrypts backup metadata. As a result, you need to enter the password to restore data from unencrypted backup files in the backup chain as well as from encrypted backup files in this chain.