Could someone who had my SpiderOak data from the server easily learn my password and decrypt my data

This article has moved to our new Help Center and will no longer be updated on this page. Please see the Help Center for the newest version.

Unless there are significant advances in mathematics (which would be worldwide events and greatly change the world of encryption), password derivation techniques on the SpiderOak key structure are very difficult. The key derivation functions we use are strongly designed to withstand heavy brute force password techniques and pre-computation, such that even on a very modern computer, each password guess takes about one second. So, it could only complete about 32 million password attempts a year. Compared to the number of possible passwords, it would take 100 such computers decades to guess a well chosen password. Of course, if you were to choose a password that is made entirely from words in a dictionary, fewer attempts may be needed to guess it.

This means that you have the ability to increase the security of your data even further by choosing a strong password. We recommend choosing a password with at least eight characters, mixed case and numbers.