Skip to main content

Step 2: Register Your Account

Last updated: May 15, 2026Latest Frontend Version: 2.17.3
This page covers User Account registration

tiCrypt has multiple account types. If you need to register a Site-Key Admin account, see Site-Key Admin Training. For an Escrow User account, see Escrow User Training.

In this section
  • Register a user account.
  • Verify your email address.
  • Reset your password.
  • Enable Accessibility Mode.
  • The login mechanism.

Prerequisites

Access Level:

User, Sub-admin

Permission Requirements

  • None.
Your Private Key Is Your Identity

When you register, tiCrypt generates a private key stored in a key file on your device. This key encrypts and decrypts all your data. If you lose both your password and your key file, your data cannot be recovered (unless your deployment has key escrow configured). After registration:

  • Download your key file and store backup copies in multiple secure locations.
  • Never share your key file with anyone, including administrators.
  • Changing your password generates a new key file and invalidates the old one.

Register a User Account in tiCrypt

To create a new user account in tiCrypt, follow these steps:

  1. Open Connect Application.
  2. Select your deployment card.
  3. In the login window, select the tiCrypt category.
  4. Click the Create new user account button in the center.
  5. In the new window, click Register with MFA.
  6. In the pop-up, enter your login ID (usually your university email), first name, and last name.
  7. Click Login.
  8. Click Continue to password.
  9. Next, enter your password twice to confirm.
  10. Click Continue to optional information.
  11. Enter your optional contact email (similar to university email), department, position, and notes for your admin.
  12. Click Review account.
  13. Review your information and click on the field you wish to update.
  14. Once you have updated the field, click the Return to review button.
  15. Click Finish registration to proceed.
  16. Select a folder for your public-private key pair and click Save.
  17. Click the Redownload private key button to re-download the private key.
  18. Click Continue to tiCrypt.
  19. Wait for an admin to activate your account.
  20. Once active, click Load key on the login page.
  21. Open the key file that you saved locally.
  22. Enter your password.
  23. Click Login.
  24. In the MFA pop-up, enter your email and details.
  25. You are logged in.
note

The system assigns you a unique color and icon for your key on the login page.

danger

You must keep your private key safe on your local machine. Never share it with anyone, not even your admin.

Confirmations, Errors & Solutions
tiCrypt Connect Application Installed

At this point, you can see your tiCrypt Connect Application on your Mac/Windows desktop.

Invalid ID or Email

Must be a valid ID or email.

Re-enter ID or Email in the Correct Format

Use @ in the email or ID to match the input requirements and your institution's format.

Invalid First or Last Name

May only contain alphabetic characters, apostrophes, and spaces.

Re-enter First or Last Name

Your first or last name contains numbers. You must re-enter your first and last name using only alphabetic characters, apostrophes, and spaces.

Password Too Short

Must meet password strength requirement.

Re-type a Longer Password

You must enter a longer password to meet the minimum requirements for account registration.

Unmatched Passwords

Passwords do not match.

Re-enter Passwords

Re-enter the same password in the Password field and the Confirm Password field.

Invalid Optional Email

Must be a valid email.

Re-enter Optional Email in the Correct Format

Use @ in the email to match the input requirements and your institution's format.

Invalid Characters in Department, Position or Notes for Admin

May not contain any of / \ | : ? * < > { } or NUL.

Re-enter Optional Department, Position and Notes for Admin in the Correct Format

Use only alphabetic characters and spaces in the Department, Position and Notes for Admin fields. Do not use special characters.

Registration Failed

Registration failed: Authentication certificate did not match user being registered.

Re-register with the Appropriate User ID Format

Your admin has set up a specific institution email/user ID format. Ask your admin for your ID credentials for registration.

Taken Login ID

Sorry, that login ID is taken.

Enter a Different User ID

Somebody else from your institution already registered with the same user ID. You must enter a different user ID to register.

Verify Your Email After Registration

  1. Log into tiCrypt.
  2. Click the Open User Menu button in the top toolbar.
  3. Select My profile.
  4. In the overlay, click the Three-dot button on your profile card in the top-center panel.
  5. Select Edit metadata.
  6. In the prompt, verify your contact email information.
  7. Click Save.

Reset Your Password

  1. Contact your administrator or team support.
  2. Your administrator will find your escrow group and escrow your key.
  3. You will be emailed a temporary password to log in.
  4. After logging in with the temporary password, create a new password from your user profile.
  5. You will log in as usual.
note

You cannot use the previous key to log in to the system.

warning

If your administrator did not generate an escrow key for your account initially, you will never be able to log in or recover your account if you forget your password.

Enable Accessibility Mode for Users with Special Needs

  1. Open Connect Application.
  2. Select your deployment card.
  3. In the login window, select the tiCrypt category.
  4. Click the Accessibility Mode button.
info

tiCrypt satisfies the general AA ADA requirements using high-contrast colors for users with partial visual impairment.

Exit Login Page to Select New Deployment

  1. Open Connect Application.
  2. Select your deployment card.
  3. In the login window, select the tiCrypt category.
  4. Click the Exit tiCrypt button in the bottom center.

The Login Mechanism in tiCrypt

Every user in tiCrypt has a private and public key. Public keys can and should be shared with other users, as there is no risk in sharing a public key. There is, however, a significant risk in sharing a private key.

Hypothetically, private keys could be stored in a secure place, such as a protected key store. However, this is not how tiCrypt operates.

Storing private keys in a secure location can still result in theft if the location is compromised, especially through impersonation of the Site-Key Admin, creating a potential breach in the system.

By splitting the key into multiple parts and separating control among escrow users, tiCrypt achieves a higher level of security, coordinated by cryptographic mechanisms.

To better understand this process, consider the following analogy.

You live in your house.

You want to give other people the key to your house in case you ever lose your key. However, you only want people to be able to get into your house if you are there.

You can give a key to a friend, but they can still go behind your back and enter your house. The same applies to your family members. You think about giving half of one key to one of your friends and the other half of the key to another friend. This idea could work, but they can enter the house if the two friends collaborate and put their keys together.

This solution does not suffice.

You cannot issue the pieces of the key to people who are related to each other. Hence, you give 1/3 of the key to a family member, 1/3 of the key to one of your friends, and 1/3 to a co-worker. None of the individuals in the three groups know each other, nor do they know who holds the different parts of the key. This solution works. The more pieces of the key that the owner of the house issues, the more secure their house will be.

Escrow in tiCrypt works the same way.

tiCrypt enforces a minimum of three escrow groups but encourages the use of more. Each time a user's key is escrowed, the backend receives "fragments" of it. If the user ever loses their private key, one member from each escrow group must retrieve and combine the fragments.

This solution ensures that no single individual can obtain another user's private key.

note

Once a key is escrowed, each escrow group delegates a distinct member to hold 1/3 of the key.