Sorry for the late reply.
The restore is initiated from the same backup console using the same account. Having said that I also tried to initiate the restore on the same server in the Veeam console with another user account and still doesn't ask me for for the encryption password.
Backup was showing under the backup node (if by backup node you mean under "Jobs" > "Backup") and it is not an imported backup.
Received the response from Veeam Helpdesk as below so can this please be added for future updates? It would be good for Veeam to prompt for a password for all restores or atleast have it as an option in the configuration for people who need to use it can enable it.
Thanks for your reply.
"As mentioned I am referring to a standard restore and not an import"
What do you mean a standard restore, could you please clarify? There are 3 options to restore the backups:
1. To import it first and then perform the operation.
This option requires the password for encrypted backup when you do importing: http://prntscr.com/8smc95
2. To do the double-click on backup file.
This option opens Veeam console for you and the first thing it asks is a password it has been protected with: http://prntscr.com/9f6qxv
3. Use Powershell cmdlet.
"If a user’s Active Directory account is compromised the hacker can login and have access to a lot more systems via the backups than his account would allow for which is a big risk"
That's true. If the Administrator account has been compromised, and the thief has an access to the console that has all backups already imported, he will be able to restore any of those.
The second factor of authentication could be implemented as a feature request.You might want to submit the one on our official forum: http://forums.veeam.com/
There are no definite road maps for future releases, however our product management team reviews all requests on forum and the most valuable are submitted.
Please let me know if you have any other questions.