Backup System with Multiple Recovery Keys

US2016352518A1 · US · A1

Patent metadata

Publication number: US-2016352518-A1
Application number: US-201514871498-A
Country: US
Kind code: A1
Filing date: Sep 30, 2015
Priority date: May 31, 2015
Publication date: Dec 1, 2016
Grant date:


Abstract

Official abstract text for this publication.

Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.

First claim

Opening claim text (preview).

1. For a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices, the method comprising: storing the backup data encrypted with a set of data encryption keys; storing the set of data encryption keys encrypted with a master recovery key; and storing a plurality of copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices, wherein the backup data is only recoverable by accessing a private key of any one of the related devices.

2. The method of claim 1, wherein the set of data encryption keys are encrypted with a public master recovery key of a public/private master recovery key pair.

3. The method of claim 2, wherein the master recovery key data comprises one of (i) a private master recovery key of the public/private master recovery key pair and (ii) random data from which the public/private master recovery key pair is generated.

4. The method of claim 1, wherein the master recovery key is generated based on random data generated by the particular device.

5. The method of claim 1, wherein the master recovery key is not stored on any of the devices and is only accessible by decrypting one of the copies of the master recovery key with the private key of one of the devices.

6. The method of claim 1 further comprising: encrypting the private key of the particular device, with a public escrow key of a public/private key pair generated by the particular device based on user-entered data, to create a first secure object; encrypting the first secure object, with a public key of a set of secure servers, to create a second secure object; and storing the second secure object with the set of secure servers.

7. The method of claim 6, wherein storing the second secure object with the set of secure servers comprises storing the second secure object with a proxy server for the set of secure servers.

8. The method of claim 6, wherein the first secure object comprises (i) the encrypted private key of the particular device and (ii) a set of verification data generated from the private escrow key of the public/private key pair generated by the particular device based on the user-entered data.

9. The method of claim 1, wherein the backup data synchronized between the related devices comprises at least one of passwords for a plurality of web domains, cryptographic keys, and account numbers.

10. The method of claim 1, wherein the particular device receives the public keys of the other related devices from the other related devices in order to enable the data synchronization with the other related devices.

11. The method of claim 1, wherein the encrypted backup data, the encrypted set of data encryption keys, and the plurality of encrypted copies of the master recovery key data are stored in a cloud storage associated with a particular user account.

12. The method of claim 1, wherein the encrypted backup data, the encrypted set of data encryption keys, and the plurality of encrypted copies of the master recovery key data are stored on a drive external to the set of related devices.

13. A method for recovering a set of backup data for installation on a new device, wherein the backup data is stored for a set of related devices by one of the related devices, the method comprising: receiving input of user-entered data used to generate a public/private escrow key pair associated with a particular one of the related devices; transmitting data that proves possession of the private escrow key to a set of secure servers that store a plurality of secure escrow objects for the set of related devices, each of the secure escrow objects comprising a private recovery key of a different device encrypted with a public key of the secure servers and the public escrow key associated with the device; when the user-entered data is correct, receiving the private recovery key of the particular device from the set of secure servers; and using the received private recovery key to access one of a plurality of master recovery objects stored with the backup data, each of the master recovery objects comprising a master recovery key for accessing the backup data encrypted with a public recovery key of a different one of the related devices.

14. The method of claim 13, wherein receiving the private recovery key comprises: receiving a recovery object comprising the private recovery key encrypted with the public escrow key; and decrypting the recovery object with the private escrow key to recover the private recovery key.

15. The method of claim 13, wherein the new device is one of the related devices after re-installation of an operating system of the device.

16. The method of claim 13, wherein receiving input of the user-entered data comprises input of a device passcode for the new device, the method further comprising: identifying the devices in the set of related devices; and automatically selecting one of the related devices most likely to have a same passcode as the device passcode input for the new device according to a set of heuristics, wherein the private escrow key is identified as the escrow key for decrypting a particular one of the secure escrow objects corresponding to the automatically selected device.

17. The method of claim 13, wherein transmitting the data that proves possession of the private escrow key comprises: setting up a secure channel with the set of secure servers; and transmitting the data to the set of secure servers via the secure channel, wherein the private recovery key is received from the set of secure servers via the secure channel, wherein the set of secure servers and the secure channel prevent a centralized entity that stores the backups from being able to acquire the private recovery key.

18. The method of claim 13, wherein the set of secure servers comprises a set of hardware security modules that store the private keys of the secure servers and a set of proxy servers that store the secure escrow objects, wherein the set of hardware security modules performs the decryption of the secure escrow object.

19. The method of claim 13, wherein: when the user-entered data is incorrect, the set of secure servers decrements a number of available attempts to access the particular secure escrow object that the new device attempted to access; and when the number of available attempts reaches zero, the particular secure escrow object is made inaccessible.

20. An electronic device that is one of a set of related devices, the electronic device comprising: a set of processing units; and a machine readable medium storing a program which when executed by at least one of the processing units backs up data synchronized between the electronic device and the set of related devices, the program comprising sets of instructions for: storing the backup data encrypted with a set of data encryption keys; storing the set of data encryption keys encrypted with a master recovery key; and storing a plurality of copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices, wherein the backup data is only recoverable by accessing a private key of any one of the related devices.

21. The electronic device of claim 20, wherein the set of data encryption keys are encrypted with a public master recovery key of a public/p
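The three-layer hierarchy of claim 1 (data under data encryption keys, those keys under a master recovery key, and one copy of the master recovery key sealed to each related device's public key), as an added example in Go that is not part of the patent or of any vendor implementation. It assumes each device holds an RSA key pair, that the master recovery key is a random symmetric key (claim 1 does not require it to be asymmetric), and AES-GCM plus RSA-OAEP as the primitives; the claims name none of these. Any one related device's private key recovers the data, an unrelated key does not, and a tampered wrapped key is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Backup is the stored object of claim 1: data under a DEK, the DEK under the master recovery key (MRK), one MRK copy per device.
type Backup struct{ Data, WrappedDEK []byte; MRKCopies [][]byte }

// AES-256-GCM helpers (assumed primitive); a random 12-byte nonce is prefixed to each ciphertext.
func aead(key []byte) cipher.AEAD { blk, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(blk); return g }
func gcmSeal(key, msg []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return aead(key).Seal(nonce, nonce, msg, nil)
}
func gcmOpen(key, box []byte) ([]byte, error) {
	if len(key) != 32 || len(box) < 12 { return nil, errors.New("bad key or ciphertext") }
	return aead(key).Open(nil, box[:12], box[12:], nil)
}

// CreateBackup runs on the backing-up device, which already holds its peers' public keys
// (claim 10); the plaintext DEK and MRK are not stored anywhere afterwards (claim 5).
func CreateBackup(devicePubs []*rsa.PublicKey, data []byte) (*Backup, error) {
	dek, mrk := make([]byte, 32), make([]byte, 32)
	rand.Read(dek)
	rand.Read(mrk)
	b := &Backup{Data: gcmSeal(dek, data), WrappedDEK: gcmSeal(mrk, dek)}
	for _, pub := range devicePubs { // one RSA-OAEP copy of the MRK per related device (assumed primitive)
		c, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, mrk, []byte("mrk-copy"))
		if err != nil { return nil, err }
		b.MRKCopies = append(b.MRKCopies, c)
	}
	return b, nil
}

// Recover needs any one related device's private key; copies sealed to other devices stay opaque.
func Recover(priv *rsa.PrivateKey, b *Backup) ([]byte, error) {
	for _, c := range b.MRKCopies {
		mrk, err := rsa.DecryptOAEP(sha256.New(), nil, priv, c, []byte("mrk-copy"))
		if err != nil { continue } // OAEP fails cleanly for copies not meant for this key
		dek, err := gcmOpen(mrk, b.WrappedDEK)
		if err != nil { return nil, err }
		return gcmOpen(dek, b.Data)
	}
	return nil, errors.New("no master recovery copy matches this device's private key")
}
```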

Assignees

Apple Inc

Inventors

(not listed on this page)

Classifications

  • H04L9/0894 (primary): Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
  • (code not shown): to a system of files or objects, e.g. local or distributed file system or database
  • H04L9/006 (primary): involving public key infrastructure [PKI] trust models (network architecture or network communication protocol for supporting authentication of entities using certificates in a packet data network H04L63/0823)
  • (code not shown): Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068)
  • (code not shown): Security improvement


Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016352518A1 cover?
Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, …
Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0894. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 1, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).