Replacing a lost Tech’s encryption key, or forgotten PassPhrase, or lost MFA

The asymmetric encryption keys that protect all of a Technician’s credentials are protected by a passphrase. There are a few situations where a tech could lose access to the credentials.

They forget the passphrase
They lose access to the MFA for the TechIDClient  
Check the times on the computer and MFA device to confirm they match before proceeding.
They lose the computer (or it gets destroyed, or stolen) and they get a new computer.
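
Why the clock check above matters, as an added example that is not TechID code: it assumes the MFA is a time-based one-time code (TOTP, RFC 6238) with a 30-second step and a verifier that tolerates one step of drift, none of which the page states. The secret and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (RFC 6238 default; assumed for this example)
WINDOW = 1   # steps of drift tolerated on either side (assumed)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given clock reading."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted(secret: bytes, code: str, verifier_time: int,
             window: int = WINDOW) -> bool:
    """True if the code matches any step inside the verifier's drift window."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, verifier_time + drift * STEP, len(code))
        if hmac.compare_digest(candidate, code):
            return True
    return False


def drift_check(secret: bytes, verifier_time: int, device_skew: int) -> bool:
    """Would a code from a device whose clock is off by device_skew seconds pass?"""
    code = totp(secret, verifier_time + device_skew)
    return accepted(secret, code, verifier_time)


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed sample secret
    now = 1_700_000_000                # constructed verifier clock reading
    for skew in (0, 20, -60, 300):
        verdict = "accepted" if drift_check(secret, now, skew) else "rejected"
        print(f"device clock off by {skew:+4d}s -> {verdict}")
```

A device with a correct secret but a clock a minute or more off is rejected exactly like a lost MFA, which is why the times are compared before any keys are replaced.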

There are two options to recover from these situations: one if the tech has a backup of their keys, and one if they do not have a backup of the keys.

WITH BACKUP of KEYS    🙂

To recover from these situations if the tech has backed up their encryption keys, follow these steps.

Rename (or delete) the c:\users\{user}\RuffianSoftware directory
Open TechIDClient
Enter a new PassPhrase in the wizard and confirm it
Select Import and choose the saved keys file.  
Step through the rest of the Wizard.
As soon as they refresh, all the credential information will show up again.

WITHOUT BACKUP of KEYS    🙁

To recover from these situations if the tech does not have a backup of their encryption keys, follow these steps. Be aware that doing this will lose all the passwords the tech has stored in TechIDManager, because that encryption key is the only way to access the stored passwords. Replacing the keys with these steps will regain access to all the managed accounts on all the agents by making new passwords for the existing accounts for that tech.

Have a manager go into the TechIDPortal and, in the “techs” section, change the tech’s status to “keychange”
On the Tech’s computer  
Rename (or delete) c:\users\{user}\RuffianSoftware 
Open TechIDClient
Go through the Wizard
  1. Put in the correct “Client Guid”
  2. Put in the same “Name”, “First name”, “Last Name”, that they were using previously
  3. New keys will be generated.
  4. Save and upload this information as the last step in the Wizard. This will change the tech to “pending” in the TechIDPortal.
Have a manager go into the TechIDPortal and, in the “techs” section, change the tech’s status to “active”
The previous accounts will be enabled and new passwords created for this user over the course of the next hour.

If you have any questions or need any assistance, let us know. We are glad to help.
