Media passphrase

SafeGuard Data Exchange allows you to specify that a single media passphrase for all removable media (except optical media) has to be created on the endpoints. The media passphrase provides access to the centrally defined domain/group key as well as to all local keys used in SafeGuard Portable. The user only has to enter this one passphrase to get access to all encrypted files in SafeGuard Portable, regardless of the local key used for encryption.

On every endpoint, a unique Media Encryption Key for data encryption is automatically created for each device. This key is protected with the media passphrase and a centrally defined domain/group key. On a computer with SafeGuard Data Exchange, it is therefore not necessary to enter the media passphrase to access encrypted files on the removable media. Access is granted automatically if the appropriate key is part of the user's key ring.

The domain/group key to be used has to be specified under "Defined key for encryption".

Media passphrase functionality is available when the "User may define a media passphrase for devices" option is activated in a policy of the type "Device Protection".

When this setting becomes active on the endpoint, the user is automatically prompted to enter a media passphrase when they connect removable media for the first time. The media passphrase is valid on every computer the user is allowed to log on to. The user may also change the media passphrase; it is synchronized automatically when the passphrase known on the computer and the media passphrase of the removable media are out of sync.
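The key hierarchy described above can be modeled as one Media Encryption Key (MEK) wrapped twice, once under a passphrase-derived key and once under the domain/group key. The following is an added illustration, not SafeGuard code: the function names, the header layout, PBKDF2, the HMAC-based wrap (a standard-library stand-in for a real key wrap such as AES Key Wrap) and the use of the group key to re-wrap on a passphrase change are all assumptions.

```python
import hashlib, hmac, secrets

def kek_from_passphrase(passphrase, salt):
    # Stretch the media passphrase into a 256-bit key-encryption key (KEK).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def wrap(kek, mek):
    # Assumed stand-in for a real key wrap: a one-block pad derived with
    # HMAC-SHA256, followed by a MAC over nonce and ciphertext.
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(mek, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def unwrap(kek, blob):
    data = b"mac" + blob["nonce"] + blob["ct"]
    if not hmac.compare_digest(hmac.new(kek, data, hashlib.sha256).digest(), blob["tag"]):
        raise ValueError("wrong key or tampered header")
    pad = hmac.new(kek, b"enc" + blob["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def provision_media(passphrase, group_key):
    # Per-device MEK; only its two wrapped copies are stored on the media.
    mek, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    header = {"salt": salt,
              "by_passphrase": wrap(kek_from_passphrase(passphrase, salt), mek),
              "by_group_key": wrap(group_key, mek)}
    return header, mek

def open_on_managed_endpoint(header, key_ring):
    # No passphrase prompt: succeed if any key in the user's key ring fits.
    for key in key_ring:
        try:
            return unwrap(key, header["by_group_key"])
        except ValueError:
            continue
    return None

def open_with_passphrase(header, passphrase):
    # Portable case: only the passphrase is available.
    return unwrap(kek_from_passphrase(passphrase, header["salt"]), header["by_passphrase"])

def change_passphrase(header, group_key, new_passphrase):
    # Re-wrap only the MEK; the encrypted files themselves are not touched.
    mek = unwrap(group_key, header["by_group_key"])
    salt = secrets.token_bytes(16)
    return {**header, "salt": salt,
            "by_passphrase": wrap(kek_from_passphrase(new_passphrase, salt), mek)}
```

In this model the strength of the passphrase bounds the protection of the media once it leaves managed endpoints, because the passphrase-wrapped copy of the MEK travels with the device.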

If the user forgets the media passphrase, the user can recover it without helpdesk assistance.

Note: To enable the media passphrase, activate the "User may define a media passphrase for devices" option in a policy of the type "Device Protection". This option is only available if you have selected "Removable media" as "Device protection target".