IDrive uses industry standard 256-bit AES encryption on transfer and storage. Data stored at our world-class data centers is encrypted using the encryption key (known only to you in case you set the private encryption key).
WARNING: IDrive does not store your private encryption key on its servers. It is recommended that you archive it safely to backup and restore your data. However, if you opt for the Default encryption key, you need not remember it.
Can I change my private encryption key for an existing IDrive account?
Yes. On resetting your existing account, you can change the private encryption key assigned to your account.
Note: Resetting your account permanently deletes all your backed up files and folders. If you have opted for local backup, you will lose access to the locally backed up files, so delete them before resetting your account.
The site does not show pad-lock related to SSL encryption when I try to sign in. Is my sign in secure?
Yes, your sign in is secure as by default we use secure HTTP protocol, thus adding the security capabilities of SSL to standard HTTP communications.
IDrive uses 256-bit AES encryption to transfer your Username and Password when you enter the sign in credentials. This ensures your details are secure during transfer since the information cannot be viewed by anyone as clear text.
However, when you just navigate to http://www.idrive.com, the site is not secure as with almost any site on simple navigation.
Where is IDrive data stored?
The IDrive applications and data are hosted at multiple world-class data centers. The data centers provide the physical environment necessary to keep the servers up and running 24/7.
These world-class facilities are custom designed with raised floors, HVAC temperature control systems with separate cooling zones, and seismically braced racks. They offer the widest range of physical security features, including state-of-the-art smoke detection and fire suppression systems, motion sensors, and 24/7 secured access, as well as video camera surveillance and security breach alarms.
We also have periodic third party reviews of our network infrastructure to check for known application and service vulnerabilities.
I have forgotten my private encryption key. What should I do?
The private encryption key is known only to you and no one else. Even the IDrive personnel do not have access to this key as it is not stored in the IDrive servers. You must try to recollect your private encryption key to retrieve your account data.
What is the difference between default encryption and private encryption?
Both, default encryption and private encryption, use the 256-bit AES encryption to encrypt your data. Default encryption uses a system generated key, whereas for private encryption, a user-defined key is used.
IDrive does not store your private encryption key on its servers. It is recommended that you archive it safely to backup and restore your data. However, if you opt for the Default encryption key, you need not remember it.
What is Shellshock? Is IDrive affected by it?
Shellshock, also known as Bashdoor, is a family of security bugs existing in the widely used Bash Unix shell. To date, 6 CVE's regarding Shellshock have been filed, the first of which was disclosed on September 24, 2014. Many Internet daemons, such as web servers, use Bash to process certain commands. The Shellshock bug lets attackers cause vulnerable versions of Bash to execute arbitrary commands, allowing them to gain unauthorized access to a computer system. For more information, you may refer the Wikipedia article regarding Shellshock.
Our security team has verified that IDrive services are not affected by this security vulnerability. We nonetheless applied the necessary patches to all external and internal systems. We've also verified that our software is not susceptible to Shellshock. Our users are completely secure from this bug, and need not update or take other action to avoid it.
Will I receive a call from IDrive to provide confidential information?
Stay assured that IDrive will never call you asking for sign in information, requesting payment or any other such confidential information. If you do receive a call of this nature, it is probably a phishing attempt. Do not share any information, and immediately contact us at email@example.com so that we could provide quick assistance.