Security
IDrive® e2 transmits all files using an encrypted TLS connection. Developers are encouraged to add their own encryption to their files before transmitting them to IDrive® e2. Developers can also set Server-Side Encryption on e2 buckets.
Data is stored in enterprise-class data centers equipped with state-of-the-art facilities — custom-designed elevated floors, HVAC temperature control systems with designated cooling zones, seismically-braced racks — and physical security features. The data centers are periodically checked for vulnerabilities in the network infrastructure with third-party audits.
IDrive® e2 uses a combination of object lock, versioning, and data retention features to secure against data loss from ransomware and accidental deletion or modification.
We are currently blocking access from the following countries for security and compliance reasons:
- Russia
- China
- Ukraine
Paid users from these countries can send request for allowing IPs but each request is subject to review and may not be approved. If your IP address changes frequently, you will need to provide updated information for consideration.
For more assistance, contact our support team.Multi-factor Authentication (MFA) is a security feature that adds an extra layer of protection to your account. It requires you to verify your identity through multiple factors, not just a password when accessing your account or performing sensitive operations.
With MFA enabled, actions like signing in or deleting objects in IDrive® e2 are better protected, allowing you to manage your data with greater confidence and control. MFA strengthens overall account security and significantly reduces the risk of unauthorized access.
Note: Backup applications may fail to delete objects if the target bucket has MFA Delete enabled.
MFA is required for the following operations:
- Signing in to your IDrive® e2 account (when MFA is enabled)
- Deleting objects from version-enabled buckets (when MFA for deletion is enabled at the bucket level)
To enable MFA, first add an authentication device to your account. Once added, MFA can be used for sign-in and deleting objects and buckets.
To enable MFA,
- Sign in to your IDrive® e2 account.
- Go to Settings > Security.
- Under Multi-factor Authentication, click Add
Authentication Device.
- Enter a device name and select one or both operations (Web console sign-in and/or MFA delete) to authenticate via this device.
- Click Next.
-
Install a TOTP app on your authentication device, such as:
- Google Authenticator (Android / iPhone)
- Microsoft Authenticator (Android / iPhone / Windows Phone 7)
- Duo Mobile (Android / iPhone)
- Scan the QR code displayed on the screen using the authentication app or enter the key manually.
- Enter the OTP generated by the app and click Add. The
device will be added.
- Download and save the recovery codes securely—these are useful if you lose access to your authentication device.
Note: Users with required access permissions can use the admin device name and OTP to perform the MFA delete operation.
To enable MFA for a bucket,
- Sign in to your IDrive® e2 account.
- Go to the Buckets tab.
- Hover over the bucket for which you want to enable MFA and click
.
- In the Summary section, enable Multi-factor Authentication
and click Update Bucket.
- To verify your identity, select your authentication device from the dropdown.
- Open your authenticator app and enter the current OTP.
- Click Enable MFA.
You can disable MFA at any time by revisiting the bucket settings.
To sign in once MFA is enabled:
- On the sign-in screen, enter your username and password and click Sign In.
- You will be prompted to enter a one-time code generated by the TOTP app.
- Open the TOTP app on your authentication device, enter the code, and click Submit Code.
To delete objects when MFA is enabled,
- Sign in to your IDrive® e2 account.
- Go to the Buckets tab.
- Click the bucket containing the object(s) you want to delete.
- Click
next to the object. - Click Delete to confirm. The MFA authentication popup will be displayed.
- Select the required device and enter the OTP to authenticate, and click
Delete Object. The object will be permanently removed.
Note:
- If you are already authenticated with MFA during sign-in, no additional verification is required when deleting objects.
- Users with required access permissions can use the admin device name and OTP to perform MFA delete operation.
Yes. IDrive® e2 allows you to register upto 10 authentication devices for MFA. Once added, you can choose the desired device from a dropdown menu to generate and use the OTP for sign-in or MFA delete operations.
You can also delete an MFA device and update permissions from the Settings > Security menu.
Any app that supports TOTP (Time-based One-Time Password) is compatible. Common apps include:
- Google Authenticator (Android / iPhone)
- Microsoft Authenticator (Android / iPhone / Windows Phone 7)
- Duo Mobile (Android / iPhone)
To enable MFA using AWS CLI,
Create an AWS profile using the following commands:
aws configure --profile PROFILE_NAME
aws configure --profile MY_PROFILEEnter the following details:
AWS Access Key ID
AWS Secret Access Key
Default region name (e.g., us-east-1)
Default output format (optional, e.g., json)Enable MFA for the bucket using the following commands:
aws s3api put-bucket-versioning \
--bucket BUCKET_NAME \
--versioning-configuration Status=Enabled,MFADelete=Enabled \
--mfa "DEVICE_NAME TOKEN_CODE" \
--endpoint-url https://<your-e2-endpoint> \
--profile PROFILE_NAMEDelete the object from MFA enabled bucket using the following commands:
aws s3api delete-object \
--bucket YOUR_BUCKET_NAME \
--key YOUR_OBJECT_KEY \
--mfa "DEVICE-NAME TOKEN_CODE" \
--endpoint-url https://<your-e2-endpoint> \
--profile PROFILE_NAME