SECURING


Recovering an ID

If a user loses or damages an ID file or forgets a password, the user can work with administrators to recover the ID file from backup.

Parent topic: ID recovery

To recover a user ID from a backup ID

About this task

The user completes these steps.

Procedure

1. If you have recovery information set up for your user ID, contact your administrator to obtain the password(s) needed to recover your ID.


2. When you first log in to Notes® and the Password dialog box appears, do not enter your password. Just click OK.

3. Click Recover Password in the Wrong Password dialog box.

4. Select the user ID file to recover in the Choose ID File to Recover dialog box.

5. Enter the password(s) given to you by your administrator(s) in the Enter Passwords dialog box, and repeat until you have entered all of the passwords, and you are prompted to enter a new password for your user ID.

6. Enter a new password for your user ID, and confirm the password when prompted. Note that if you do not enter a new password, you will need to recover your user ID again.

7. Replace all backups and copies of your user ID file with the newly recovered user ID file.

To obtain the ID file recovery password

About this task

For security reasons, it is recommended that administrators complete these steps from their own workstations, rather than from the same workstation. Using separate workstations prevents an unauthorized user from using a program to capture the keystrokes that the administrators enter on the same workstation. If an unauthorized user obtains an administrator's ID file and password, the unauthorized user can obtain the administrator's recovery password for all ID files. Therefore, you must protect the administrator's ID file and require that multiple administrators work together to recover any given user ID file.

Procedure

1. Detach the encrypted backup of the user's ID file from the mail or mail-in database to the local hard drive.

2. If the user's ID file is damaged, send a copy of the ID file from the centralized mail or mail-in database to the user.

3. From the Domino® Administrator, click the Configuration tab, and choose Certification -> Extract Recovery Password.

4. Enter the password to the administrator's ID file.

5. Specify the ID file you want to recover. This is the same ID you detached in Step 1.

6. Note the recovery password. Give the user the recovery password that is displayed.

Results

The Extract Recovery and Recover ID File dialog boxes now display timestamp information for the recovery information contained in the copy of the ID file being recovered. Each time recovery information is generated or regenerated for an ID file, the recovery passwords all change. Occasionally, the recovery cookie acquired by an administrator can't unlock a user's ID file; the recovery information had been regenerated at some point, and administrator is using a copy of the ID file that has a different set of recovery information. In situations like this, administrators can check the timestamp information displayed in these dialog boxes to see if they are trying to recover an ID file with outdated recovery information.

Related tasks
ID recovery