Support & Knowledge Base


Still have questions? We have answers! Check out our Frequently Asked Questions for everything you need on SpiderOak

Is SpiderOak really 'Zero-Knowledge'? Could you read a user's data if forced at gunpoint?

SpiderOak is, in fact, truly 'Zero-Knowledge'. The only thing we know for sure about your data is how many encrypted data blocks it uses (which we would have to know to bill for the appropriate amount of storage). On the servers, we only see sequentially numbered data blocks -- not your foldernames, filenames, etc.

How is this reconciled with our ability to do a password reset? The short answer is: It isn't! We cannot reset your password. When you create a SpiderOak account, the setup process happens on your computer (after you download the application) and there your password is used in combination with a strong key derivation function to create your outer layer encryption keys. Your password is never stored as part of the data sent to SpiderOak servers.

As part of the new account setup process, most companies ask users to agree to some "end user licensing agreement", but instead SpiderOak asks users to agree to a "password policy." The password policy basically says that you alone are responsible for remembering your password, and that we cannot help you if you forget the password.

We do allow you to create a "password hint" to help you remember your password. That however, is as far as we go.

More information about this is on our website in the engineering section of our website, which talks about our 'Zero-Knowledge' approach, the password policy, and encryption specifications.

Couldn't find an answer to your question? Email our support with your question.

Have a Question?