Encryption and your recovery key

With encryption on, everything MomentBackup writes to the destination is encrypted before it leaves your machine. Someone with the drive, the NAS, or the bucket sees ciphertext — no file names worth reading, no contents. The keys are generated on your computer and never transmitted anywhere.

Two ways in

Your passphrase — what you normally use. For scheduled, unattended backups, MomentBackup can keep the unlocked key in the operating system’s secure store so backups run without prompting you.
Your recovery key — a printable code shown exactly once, when encryption is set up. It opens your backups even if you forget the passphrase.

Either one is enough. Keep the recovery key somewhere that is not the computer being backed up — printed in a drawer, in a password manager, with your documents.

If you lose both

Nobody can open the backups. Not you, not us — there is no reset, no support ticket that fixes it, no backdoor. That is the design: a product that could recover your data without your keys would be a product that could read your data.

Changing your passphrase

You can change the passphrase at any time in the app without re-encrypting your backup history. The recovery key keeps working.

Still stuck? Email [email protected] and include what you were doing and what you expected.