Should I Allow My Encrypting Key to Default to My Password?
I understand that my encryption key is never transmitted or stored on the Rhinoback system, but if I allow my encryption key to default to my password will Rhinoback then have my encryption key?
There is no compromise in security if you let your encryption key default to your password. Rhinoback does not actually store your password. Rhinoback only stores a hashed version of your password which is used to validate your login credentials. Encryption keys are based on the real password, not the hashed version of the password. Even if you let your encryption key default to your password, the encryption key needed to access your data is not transmitted to the Rhinoback servers and is never stored on the Rhinoback system.
Important: The hashed version of your password cannot be used to decrypt data. If you lose your password, the "forgotten password" page will only send your hashed password. Your actual password cannot be recovered, therefor your backup data cannot be encrypted. Please see this article about lost passwords.