FAQ¶
Virtual or not?¶
Q - Can I run StoredSafe as a virtual appliance?
A - Yes you can. If you can settle for a lower assurance (A instead of AAA) you can deploy StoredSafe as a virtual appliance in both VMware and HyperV virtualization clusters.
What are the different Assurance levels?¶
| Assurance level | Description | On-premises? | 2FA validation |
| AAA+ | Redundant hardware appliance | Yes | HSM for Yubikeys or any TOTP based service (such as Google Authenticator), X.509 Client certificate |
| AAA | Hardware appliance | Yes | HSM for Yubikeys or any TOTP based service (such as Google Authenticator), X.509 Client certificate |
| AA | Appliance as a Service (AaaS) hosted by StoredSafe | No | YubiCo:s YubiCloud for Yubikeys, local SoftHSM for any TOTP based service (such as Google Authenticator), X.509 Client certificate |
| A | Virtual appliance (VMware or HyperV supported) | Yes | YubiCo:s YubiCloud for Yubikeys, local SoftHSM for any TOTP based service (such as Google Authenticator), X.509 Client certificate |
What if I lose an escrow YubiKey?¶
Q - What happens if I lose one or both of my escrow YubiKeys?
A - If you lose one of you YubiKeys for your escrow user you lose half your passphrase to your escrow users secret key, this means that your in trouble, we strongly suggest that you keep your escrow YubiKeys in two different fireproof safes. If you would like to secure your escrow functionality even more, you can add multiple escrow users. In that way you are able to store a pair of keys at your disaster recovery site.
Help! I've lost my password!¶
Q - How do i help a user who has forgotten their password?
A - No worries, just follow the Lost password guideline