Q: How to reset encrypt iPhone Backup Password on iTunes if I Lost my Password

Warning: If you encrypt an iPhone backup in iTunes and then forget your password, you will not be able to restore from backup and your data will be unrecoverable. If you forget the password, you can continue to back up and use the device, however you will not be able to restore the encrypted backup to any device without the password. You do not need to enter the password for your backup each time you back up or sync.

If you cannot remember the password and want to start again, you must perform a full software restore and when iTunes prompts you to select the backup from which to restore, choose set up as a new device.

________

The above comes from here:

http://support.apple.com/kb/HT4946

If you are using iCloud Backup you will be able to get almost all your data through iCloud.  Music and Video may have to be downloaded via USB, but those files are NOT encrypted.

Sorry but this is either terrible advice or there is something seriously wrong with iTunes. It should be possible to reset iTunes and do a new backup (not retrieve the old one) without deleting everything from your phone. It's only the Backup password here that is forgotten. Not the Apple ID or iPhone passcode.

I've the same problem. it's frustrating as all the Google, YouTube hits seem to just want to send you to buy a recovery tool. I know there's got to be some file, some data store somewhere you can delete. I tried deleting my backup, even the directory on disk but somehow iTunes will not let me create a new backup unless I enter a password for the old one. My goodness! Can someone help???

The solution was posted by Sberman two years ago, quoting from and linking to the very Apple support article that explains it.  If you forgot the password, you will HAVE to restore the device as new.  The entire encrypted backup system is designed to protect the data, period.  You cannot access an existing backup, nor can you simply make a new backup without knowing that password.  That is explicitly by design of the system.

Thanks for the reply. Unfortunately, that's a pretty poor design then.

You show up at my door one rainy night. I ask for your driver's license and then ask you for a password, Don't even tell you to remember it. Just ask for a password. Then you try to come back 2 years later. I ask for your password. Tell you that unless you have two options. Change into a new person or give me the password. Lame, no?

There are many ways to enforce this without having to have such a light design. There are at least 3 passwords you need with an apple product. Your apple store id, your phone passcode, and your itunes backup password. One of those should unlock it. If not, the act of setting a password should at least strongly enforce that once you forget it, you're sol. Force you to enter it 3 times. Something, not just lightly let you set it and then realize you'll never recover it.

Wby would you even expect that for ANY security model, once you set a password, forgoing it would NOT leave you "sol"?  What's the point of having a model where you can set a password, immediately forget it and then readily bypass it?

Of course when you are asked to set a password you need to remember it.  That's what passwords are for, to protect data from ANYONE who does NOT know the password.

An encrypted backup saves all sensitive information, including passwords and health data. You say that you would like to be able to recover the password for the backup if you know of another password on the phone. Say then, that someone hacks your iTunes account and then uses that to access your password protected backup, then has access to all of your data, including sensitive information. Not for me.

I'm glad that with that type of encryption, that even Apple cannot access my backup. It is so secure that the only way to deal with it without the actual password is to destroy it. Just like running the papers through the shredder. I dislike the thought of any backdoor method, since that invites people to try and access things.

I understand that. I understand backups and encryption and I don't argue with the need to protect sensitive date. The password in question however is a side bar to the user, too easy to set (as it is an application option), and therefore is poorly registered with the user. There are better ways of implementing this feature to at least impress upon the user that this is a one time shot. The fact that the password is not recoverable (though it appears there are about a dozen products out there that appear to argue otherwise) is great. I'm simply outlining that the way it is implemented is poorly implemented.

I had the same issue. As others mentioned it is a lifetime handcuff if one forgets the iTunes backup password... Deleting the backup doesn't help. And even worse, I tried a new laptop which my phone never connected to before, and same thing, it still asked for the same password, which is an extremely stupid design. Let me explain why a bit, in case some people still don't get it.

Thanks for your explanation but I think you missed the core point. The argument here is not to have a "bypass" for the forgotten password or not, we are not asking for a bypass. The argument is, I created a backup using my phone, and if I forget the password, I just lost the ability to access my backup, and for security reason I shouldn't be able to reset the password for that backup, that makes total sense. But should I at least have the ability to create a new backup using MY phone with a new password? Of course yes! I still own and possess my phone, and I have all pins and passwords to access everything inside it, and it shouldn't matter whether I remember the password I used to create the encrypted backup, which was possibly created more than a year ago and I don't intend to restore from anyway. If I'm a malicious user, with the phone physically in my possession and all the pins and passwords, I would be able to get all the info I need from the phone, why would allowing me to make a new backup with a new password create additional risk?

zlpublic wrote:

 

I had the same issue. As others mentioned it is a lifetime handcuff if one forgets the iTunes backup password... Deleting the backup doesn't help. And even worse, I tried a new laptop which my phone never connected to before, and same thing, it still asked for the same password, which is an extremely stupid design. Let me explain why a bit, in case some people still don't get it.

 

Thanks for your explanation but I think you missed the core point. The argument here is not to have a "bypass" for the forgotten password or not, we are not asking for a bypass. The argument is, I created a backup using my phone, and if I forget the password, I just lost the ability to access my backup, and for security reason I shouldn't be able to reset the password for that backup, that makes total sense. But should I at least have the ability to create a new backup using MY phone with a new password? Of course yes! I still own and possess my phone, and I have all pins and passwords to access everything inside it, and it shouldn't matter whether I remember the password I used to create the encrypted backup, which was possibly created more than a year ago and I don't intend to restore from anyway. If I'm a malicious user, with the phone physically in my possession and all the pins and passwords, I would be able to get all the info I need from the phone, why would allowing me to make a new backup with a new password create additional risk?

Presumably, if you've gone to the effort of an encrypted backup then you also have a passcode lock and fingerprint lock set up on your device. In that case a malicious person with physical access DOES NOT have access to the device's content. The content itself is encrypted using a system tied to the fingerprint/password and the hardware/firmware ID of the device.  Even the FBI and other police agencies have complained to congress that they are unable to access iOS device contents when the built-in security systems are properly set up and used by owners.

If a thief or whomever could now somehow bypass the backup encryption requirement and just make a new backup in a new computer, that would indeed open an opportunity (remote as it may be) to gain access to data. Again, the whole point of the encryption password is that without it the data, period, is not accessible - not in a backup file and not from the device by any means.  Any password based system that allows resetting or bypassing in some form is vulnerable to exploits, as anyone with an online, password protected account of any kind has learned at some point in their lifetime.  For that same reason, the default method of resetting an iOS device's lock passcode is to restore it, wiping it in the process (you can restore from a backup, but that too over-writes everything that WAS on it beforehand and only puts back what was in the backup that you have control of). There is no backdoor or bypass to reset a forgotten screen lock passcode.

Any time you allow a password based security system to be reset by some means or bypassed by some method, you weaken the Security model as you have opened a door for exploits, most of which no one will even be aware of or have thought of until someone actually exploits it.

Thanks for the detailed reply! Yes I agree with the grounds and facts you mentioned, but still, I think your argument is mainly that the encryption password shouldn't be bypassed to access the data. My main argument was never about this, but the fact that losing the password not only prevents access to this encrypted backup (which I'm totally fine with and it should be this way), but also prevents me as a legal owner to be able to use the backup-restore function, or even the ability to transfer my data to a new phone, for lifetime. And the key point is, I have all pins and passwords in order to access anything in the phone, only losing the password for an encrypted backup which I don't need any more. Why should Apple block me in this case?

And, to your example, if a malicious user stole my phone, of course they should not be able to the device's content, given that they don't know my device pin/password. The difference is that I'm the owner, and I know the device pin, but I still cannot use backup/restore any more, indefinitely. Making backups without being able to restore later makes no sense. And if the concern is about a malicious user could access user's data by making a backup, shouldn't the design be like always ask the user to enter the device pin every time before a backup can be made (whether or not backup is encrypted)?

Despite your detailed explanation, and justification for how it should be, we, as users just like you, cannot change it. You, Michael, and anyone else could debate this forever and it still wouldn't change it. Your best avenue of approach is to provide feedback to Apple. It works the way it does right now, and only Apple can change it. Feedback goes here, http://www.apple.com/feedback and then click on the appropriate subject area. That is where Apple will see your desire to change the way that encrypted backups work, no where else.

It's not true at all that you are prevented from backing up your phone"ever again" if you've forgotten your password.

All the data on your phone can be migrated manually somewhere while you restore the phone and set it up as new, removing the encryption requirement. Now you can manually migrate the data back on to your encryption-free phone and life goes on. Not as slick as some may want, but it is absolutely achievable.

Any idea how many evil-doers sit around day after day looking for holes in secure things? I would imagine the first guy who can deliver a hack for Apple's Activation Lock and Backup Encryption would be a hero of epic proportion to his followers. Hasn't happened yet. That's good security that takes some effort to manage. Find a way to securely store your passwords.

Not sure exactly why you responded to me, but syncing the device is always a good idea, if that is the "manual migration" you were referring to. And yes, to backup again, you need to delete the backup in iTunes and restore the device. Then you restore the contact via a sync, rather than a backup, since the backup restores the encryption. I know all of this, and I'm not the one that was having issues with backup encryption.