SendSafely

Articles in this section

Best Practices for Using Trusted Browsers

Our Trusted Browser feature is designed to streamline the process of accessing items from your frequently used devices. With a Trusted Browser, you no longer need to rely on the sender providing a secure link in order to access new shared items. You’ll still need your username and password to access SendSafely, but once authenticated you’ll be able to access any item sent or received using SendSafely.  

If you are experiencing problems accessing files using a trusted browser, consider skipping directly to one of the following frequently asked questions:

Trusting your Browser for the First Time 

Every time you log into SendSafely from a new browser or device, the portal will prompt to see if you want to add the browser to your Trusted Browser list.

mceclip0.png

When you choose "Trust this Browser", a unique public/private key pair is generated for your browser. The public key is uploaded and stored on our server, while the private key is securely stored locally inside of your browser. 

 

tumblr_inline_nzdq8p9oTx1rzfdld_540.png

 

Backing up the Private Key 

When you first trust a browser (i.e. generate a new public/private key pair), the portal will also ask you whether you want to export a backup copy of your private key so that you can restore it if you lose access to your browser or device. Inadvertently losing access to a trusted browser/device can be caused by being issued a new laptop at work, losing your phone, or clearing your browser cache (which will delete the private key).

This backup step is critical to ensure you are not placed in a position where you are unable to access your SendSafely files.

You should store the backup key file in a location that you will have access to even if you switch PC's. 

mceclip1.png

When you export the key, it will be saved in a file named user@company.com_{keyid}.sskey, where user@company.com is your email address and {keyid} is the unique id associated with that key. You will need access to this file if you want to restore the key to a new device or if you clear your browser cache. 

  • Your exported Browser Key is protected with encryption, and can only be used with your unique SendSafely account.
  • Do not store on any public folder or shared drive that other users have access to. Treat the exported key as you would any other sensitive files you keep for long term storage.
  • If you use a Password Manager, consider using it to store the exported key file and make sure it is being backed up to a secure location. 

Export_Key.png

If you want to export a copy of your current browser key AFTER it has been generated, you can browse to the "Trusted Devices" tab of the "Edit Profile" screen and press the "Export Key" button as shown above. 

Restoring a Private Key 

If you log into SendSafely from a new device, or you clear your browser cache, you will be presented with the "Do you want to trust this browser?" dialog when you log in to the portal. In most cases, you should always import your backup Private Key instead of generating a new trusted browser key. This includes cases where you are trusting a different browser on another machine you use frequently, since it is possible for two different browsers to both use the same browser key. 

To restore an existing private key, choose the link that says "Click here to import an existing key file" as shown below when you are prompted. 

mceclip2.png

Choosing this link will open a dialog that allows you to select the .sskey file that was generated when you exported the key. The key file is named user@company.com_{keyid}.sskey, where user@company.com is your email address and {keyid} is the unique id associated with that key. If you are unsure of where you saved your originally exported key, you can search your file system for ".sskey" extension to help locate it.

When should I generate a new trusted device key? 

Importing an existing key is the preferred approach since it will automatically give you access to all of your previously sent or received files and workspaces. When you generate a new key, none of your existing (old) sent or received items will be accessible. The new key can only be used to access new items going forward.

You should only generate a new key for cases where you are unable to import a backup key file (such as when using our mobile app). In these cases, the new key will get synchronized with your old sent and received items next time you log in from a previously trusted device (like your desktop browser). Until then, the new device will only be able to access new items.  

Why am I getting prompted every time I log in? 

If you are getting prompted to trust your browser every time you log in, it might be due to a setting you have enabled which clears your browser's cache every time you restart the browser. When this happens, the private key is automatically deleted every time the browser restarts. 

In order to avoid this from happening, we recommend that your browser is NOT set to clear its local storage/cache when the browser restarts. Below are links to articles that walk you through where to find this setting on each major browser. Note, these articles discusses how to ENABLE this feature, but instead you want to make sure it is NOT enabled: 

Should I delete my old trusted browser key?

You should only delete an old trusted browser key if you have lost access to all browsers that are using the key and do not have a backup copy of the private key. You should NOT delete your trusted browser key if you:

  • Still have access to a browser using that key
  • Have a backup copy of the private key.
    • Deleting a trusted browser key from the SendSafely portal invalidates any exported backup copies of that key.

Deleting a trusted browser key is irreversible and should only be done if you are SURE that you will not need access to that key again.

What to do if you reach the limit of trusted device keys

If you have more than the allowed number of trusted device keys for a specific account, you might be prompted to delete one of your trusted keys. This generally only happens if you have more than 7 devices being used to log in with the same SendSafely account (such as a shared account) or in cases where you continually re-trust the same browser every time you log in.

Consider the following guidance to avoid this scenario:

  • For shared accounts, you should generate a trusted device key that is designated as "Shared" in the name. The shared key should be exported and provided to everyone who frequently logs in with the shared account. Users should be instructed to import the shared backup key when logging in for the first time instead of generating a new key when being asked to trust the browser. We also recommend adding the words "DO NOT DELETE" in the key name to make it clear to other users that the key should not be deleted.
  • For cases where you continually re-trust the same browser every time you log in, this is likely a side effect of your browser cache being cleared every time the browser is restarted. Refer to the "Why am I getting prompted every time I log in?" section above for guidance on how to avoid this scenario.

A decryption key is needed to access this item

If you find yourself suddenly unable to access SendSafely items from your web browser, the most likely cause is that you are either using a new browser or the browser cache was cleared. Typically when this happens you'll end up at this screen:

mceclip0.png

In order to restore access to your old items, you should import a backup copy of your old device key instead of re-trusting your browser by generating a new key.

In most cases, you should be able to find a copy of the old key file, which is named user@company.com_{keyid}.sskey (where user@company.com is your email address and {keyid} is the unique id associated with that key). If you are unsure of where you saved your originally exported key, you can search your file system for ".sskey" extension to help locate it. 

NOTE: The date on the backup key file should match the date from when you originally generated the key. If you find multiple .sskey files, you should generally choose the OLDEST one to import. 

To import an old key after you have already re-trusted your browser, go to the Edit Profile screen and choose the "Import Key" button from the "Trusted Devices" section of the page as shown below. 

 

Import_Key.png

 

 

 

Related articles