Skip to main content

Register User Account

In this section
  • How to register a user account.
  • Verify email address.
  • Reset password.
  • Enable Accessibility Mode.
  • Login Mechanism.

Register a User Account in tiCrypt

To make a new user account in tiCrypt follow the steps:

  1. Open Connect Application.
  2. Select your deployment card.
  3. In the login window, select tiCrypt category.
  4. Click the Create new user account button in the center.
  5. In the new window, click Register with MFA.
  6. In the pop-up, enter your login ID (usually your university email), first name, and last name.
  7. Click Login.
  8. Click Continue to password.
  9. Next, enter your password twice to confirm.
  10. Click Continue to optional information.
  11. Enter your optional contact email (similar to university email), department, position and notes for your admin.
  12. Click Review account.
  13. Review your information and click on the field you wish to update.
  14. Once you updated the field click Return to review button.
  15. Click Finish registration to proceed.
  16. Select folder for your public-private key pair and click Save.
  17. Click the Redownload private key button to re-download the private key.
  18. Click Continue to tiCrypt.
  19. Wait for an admin to activate your account.
  20. Once active, click Load key in the login page.
  21. Open the key file that you saved locally.
  22. Enter your password.
  23. Click Login.
  24. In the MFA pop-up, enter your email and details.
  25. You are logged in.
danger

You must keep your private key safe on your local machine. Never share it with anyone, not even your admin. Do not upload your private key online.

Verify Your Email After Registration

  1. Log into tiCrypt.
  2. Click the Open User Menu button in the top left corner.
  3. Select My profile.
  4. In the overlay, click the Three-dot button on your profile card in the top-center panel.
  5. Select Edit metadata.
  6. In the prompt, verify your contact email information.
  7. Click Save.

Reset Your Password

  1. Contact your administrator or team support.
  2. Your administrator will find your escrow group and escrow your key.
  3. You will be emailed a temporary password to log in.
  4. After logging in with temporary password, create a new password from your user profile.
  5. You will log in as usual.
note

You cannot use the previous key to log in to the system.

danger

If your administrator did not generate an escrow key for your account initially, you will never be able to log in or recover your account when you forget your password.

Enable Accessibility Mode for Users with Special Needs

  1. Open Connect Application.
  2. Select your deployment card.
  3. In the login window, select tiCrypt category.
  4. Click the Accessibility Mode button.
info

tiCrypt satisfies the general AA ADA requirements using a combination of high-contrast colors for partially impaired users with special needs.

The Login Mechanism in tiCrypt

Every user in tiCrypt has a private and public key. Public keys can and should be shared with other users as there is no risk in sharing a public key. There is, however, a huge risk in sharing a private key.

Hypothetically, private keys could be stored in a secure place, such as a protected key store. However this is not how tiCrypt operates.

Storing private keys in a secure location can still result in theft if the location is hacked, especially through the impersonation of the Site-key Admin, creating a potential breach in the system.

By splitting the key into multiple parts and fully separating the power of control between escrow users, you can achieve a much higher level of security, all coordinated by cryptographic mechanisms.

To better understand this process, consider the following analogy.

You live in your house.

You want to give other people the key to your house in case you ever lose your key. However, you only want people to be able to get into your house if you are there.

You can give a key to a friend, but they can still go behind your back and enter your house. The same applies to your family members. You think about giving half of one key to one of your friends and the other half of the key to another friend. This idea could work, but they will enter the house if the two friends collaborate and put their keys together.

This solution does not suffice.

You cannot issue the pieces of the key to people that are related to each other. Hence, you give 1/3 of the key to a family member, 1/3 of the key to one of your friends, and 1/3 to a co-worker. None of the individuals in the three groups know each other, nor do they know who holds the different parts of the key. This solution works. And the more pieces of the key that the owner of the house issues out, the more secure their house will be.

The way that Escrow works in tiCrypt is the same.

tiCrypt enforces a minimum of three escrow groups but encourages the use of more. Each time a user's key is escrowed, the backend receives "fragments" of it. If the user ever loses their private key, one member from each escrow group must get and put the pieces together.

This solution ensures that no single individual can obtain another user's private key.

note

Once a key is escrowed, each escrow group delegates a distinct member to hold 1/3 of the key.