Step 2: Register Your Account
tiCrypt has multiple account types. If you need to register a Site-Key Admin account, see Site-Key Admin Training. For an Escrow User account, see Escrow User Training.
- Register a user account.
- Verify your email address.
- Reset your password.
- Enable Accessibility Mode.
- The login mechanism.
Prerequisites
Access Level:
User, Sub-admin
Permission Requirements
- None.
When you register, tiCrypt generates a private key stored in a key file on your device. This key encrypts and decrypts all your data. If you lose both your password and your key file, your data cannot be recovered (unless your deployment has key escrow configured). After registration:
- Download your key file and store backup copies in multiple secure locations.
- Never share your key file with anyone, including administrators.
- Changing your password generates a new key file and invalidates the old one.
Register a User Account in tiCrypt
To create a new user account in tiCrypt, follow these steps:
- Open Connect Application.
- Select your deployment card.
- In the login window, select the tiCrypt category.
- Click the Create new user account button in the center.
- In the new window, click Register with MFA.
- In the pop-up, enter your login ID (usually your university email), first name, and last name.
- Click Login.
- Click Continue to password.
- Next, enter your password twice to confirm.
- Click Continue to optional information.
- Enter your optional contact email (similar to university email), department, position, and notes for your admin.
- Click Review account.
- Review your information and click on the field you wish to update.
- Once you have updated the field, click the Return to review button.
- Click Finish registration to proceed.
- Select a folder for your public-private key pair and click Save.
- Click the Redownload private key button to re-download the private key.
- Click Continue to tiCrypt.
- Wait for an admin to activate your account.
- Once active, click Load key on the login page.
- Open the key file that you saved locally.
- Enter your password.
- Click Login.
- In the MFA pop-up, enter your email and details.
- You are logged in.
The system assigns you a unique color and icon for your key on the login page.
You must keep your private key safe on your local machine. Never share it with anyone, not even your admin.
Verify Your Email After Registration
- Log into tiCrypt.
- Click the Open User Menu button in the top toolbar.
- Select My profile.
- In the overlay, click the Three-dot button on your profile card in the top-center panel.
- Select Edit metadata.
- In the prompt, verify your contact email information.
- Click Save.
Reset Your Password
- Contact your administrator or team support.
- Your administrator will find your escrow group and escrow your key.
- You will be emailed a temporary password to log in.
- After logging in with the temporary password, create a new password from your user profile.
- You will log in as usual.
You cannot use the previous key to log in to the system.
If your administrator did not generate an escrow key for your account initially, you will never be able to log in or recover your account if you forget your password.
Enable Accessibility Mode for Users with Special Needs
- Open Connect Application.
- Select your deployment card.
- In the login window, select the tiCrypt category.
- Click the Accessibility Mode button.
tiCrypt satisfies the general AA ADA requirements using high-contrast colors for users with partial visual impairment.
Exit Login Page to Select New Deployment
- Open Connect Application.
- Select your deployment card.
- In the login window, select the tiCrypt category.
- Click the Exit tiCrypt button in the bottom center.
The Login Mechanism in tiCrypt
Every user in tiCrypt has a private and public key. Public keys can and should be shared with other users, as there is no risk in sharing a public key. There is, however, a significant risk in sharing a private key.
Hypothetically, private keys could be stored in a secure place, such as a protected key store. However, this is not how tiCrypt operates.
Storing private keys in a secure location can still result in theft if the location is compromised, especially through impersonation of the Site-Key Admin, creating a potential breach in the system.
By splitting the key into multiple parts and separating control among escrow users, tiCrypt achieves a higher level of security, coordinated by cryptographic mechanisms.
To better understand this process, consider the following analogy.
You live in your house.
You want to give other people the key to your house in case you ever lose your key. However, you only want people to be able to get into your house if you are there.
You can give a key to a friend, but they can still go behind your back and enter your house. The same applies to your family members. You think about giving half of one key to one of your friends and the other half of the key to another friend. This idea could work, but they can enter the house if the two friends collaborate and put their keys together.
This solution does not suffice.
You cannot issue the pieces of the key to people who are related to each other. Hence, you give 1/3 of the key to a family member, 1/3 of the key to one of your friends, and 1/3 to a co-worker. None of the individuals in the three groups know each other, nor do they know who holds the different parts of the key. This solution works. The more pieces of the key that the owner of the house issues, the more secure their house will be.
Escrow in tiCrypt works the same way.
tiCrypt enforces a minimum of three escrow groups but encourages the use of more. Each time a user's key is escrowed, the backend receives "fragments" of it. If the user ever loses their private key, one member from each escrow group must retrieve and combine the fragments.
This solution ensures that no single individual can obtain another user's private key.
Once a key is escrowed, each escrow group delegates a distinct member to hold 1/3 of the key.