REDDCRYPT is designed as an end-to-end encryption service, so that only the sender(s) and the recipient(s) can read the emails. As the provider, we cannot read our customers’ emails either, thanks to our Zero-Knowledge-Technology: the user’s password is never transmitted to us (see Technology for details).
However, this advantage in data protection and security also comes with a “disadvantage”: if you forget your password, there is no way for us to recover it.
For customers with REDDCRYPT Business, we implemented the Master Key. Once you generate a Master Key, the user accounts are additionally secured with it. This has the advantage that a user can set a new password without losing access to their previous emails.
How this works is explained below.
Generate Master Key
You can find the option at
Settings -> My Organization -> Master Keys
and generate a master key by clicking on the button “Create a new key”.
When you create the Master Key you will be asked for a password. Please note that we cannot recover this password either. Therefore we recommend that you keep this password in a safe place such as a password manager.
The creation of the Master Key is now completed.
To see if members are secured with the Master Key
The next time the members of your organization log in to REDDCRYPT, their accounts will be secured with the Master Key. Once this is done, their passwords can be changed with the Master Key. In addition, the Master Key can be used to decrypt emails of former employees (see this manual).
In the overview of your members you can see which member has already been secured with the Master Key:
- If the key is green the account is secured with the master key.
- If the key is red the account is not secured with the master key.
- If the key is orange the account is secured with an archived master key.
Request password change by the user
If a user has forgotten the password to their account, they can click on “Forgot your password?” at https://app.reddcrypt.com. There, they must first enter the email address of their REDDCRYPT account.
To make sure that the request really comes from the owner of the email address, we send this user an email containing a link.
After clicking on the link, the user can define a new password.
The new password is now temporarily stored, and the administrator is informed by email.
To change the password, the user’s private key must be decrypted. Only then can the new password be applied and the private key re-encrypted. This process is implemented via the Master Key.
Confirm password change with the Master Key
The administrator of the organization will find an overview of all open requests from users at
Settings -> My Organization -> Password Resets
These requests can be accepted or rejected. If they are rejected the old password will remain unchanged.
After clicking “Accept password reset”, you will be asked for the password of the Master Key.
If the password is entered correctly, the Master Key is decrypted. The decrypted Master Key is then used to decrypt the user’s private key and set the new password.
Finally, the user receives an email informing them that they can now log in with their new password.
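The reset flow described above can be modelled as key wrapping. The following Python example is added here and is not REDDCRYPT's code: it assumes symmetric wrapping, uses a stdlib HMAC-based construction as a stand-in for an authenticated cipher, and all function names and sample passwords are hypothetical. How the pending new password reaches the administrator's client is not described on this page, so it is simply passed in as a parameter.

```python
import hashlib, hmac, secrets

def kdf(password: str, salt: bytes) -> bytes:
    # Password -> 32-byte key-encryption key (iteration count is illustrative).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in for a real cipher.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(kek: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC under a key-encryption key; returns nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_mac(kek, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(kek, b"mac"), nonce + ct)

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(kek, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_mac(kek, b"enc"), nonce, ct)

def pw_wrap(password: str, secret: bytes) -> bytes:
    salt = secrets.token_bytes(16)
    return salt + wrap(kdf(password, salt), secret)

def pw_unwrap(password: str, blob: bytes) -> bytes:
    return unwrap(kdf(password, blob[:16]), blob[16:])

def accept_reset(master_pw: str, master_blob: bytes, escrow: bytes, new_pw: str) -> bytes:
    # Admin side: master password -> master key -> user's private key -> re-wrap.
    master_key = pw_unwrap(master_pw, master_blob)  # ValueError on a wrong password
    private_key = unwrap(master_key, escrow)
    return pw_wrap(new_pw, private_key)

def demo():
    # Constructed sample data; the 32 random bytes stand in for a user's private key.
    private_key, master_key = secrets.token_bytes(32), secrets.token_bytes(32)
    master_blob = pw_wrap("master-pass", master_key)   # password-protected master key
    old_blob = pw_wrap("old-pass", private_key)        # user's normal login copy
    escrow = wrap(master_key, private_key)             # added at the member's next login
    new_blob = accept_reset("master-pass", master_blob, escrow, "new-pass")
    return private_key, master_blob, escrow, old_blob, new_blob
```

In this model `accept_reset` never needs the user's old password, so whoever knows the Master Key password effectively holds every secured member's private key and should protect it accordingly.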