Q: How can we reset Backup password

So in my scenario, I know my backup password.  It's the same one I used to log into this account.  Yet iTunes insists the password is incorrect despite my having used the exact same password to do a previous recovery.  At this point, I don't care about the encrypted backup.  I don't need it.  What I need is for iTunes to create a NEW encrypted backup file with MY password.  How do I tell iTunes to screw the old backup and create a new one with a new password?

About encrypted backups in iTunes - Apple Support

This article answers all of the questions that have been posted in this discussion. There are no hidden scenarios or overrides for this as the encryption is solely with your backup file and nowhere else. Apple does not create a backdoor for this as has been explained by the company quite thoroughly in the last several months. When you create an encryption password, it is per the backup file. So long as you are adding to the chain on the existing backup file with the original encryption key, the key will remain the same. IF you were to create another backup file on the same computer for a separate device, or for a factory restored device that has no key it is remembering, you will have the option of issuing a new encryption password for that file. That key will only be usable with that file and any updates to its backup in the future.

Mallenbrand, your device recognizes that it has an encrypted backup to load and update to. As listed in the bottom of the article I have posted, "if you forgot your password, the only way to turn off backup encryption on your device is to erase your device and set up as new."

Once you setup your device as new, you will be able to setup a new encryption password for your backups once again.

It is clear why an encrypted backup cannot be restored without the password. If there were backdoors then the backup would not be secure. However, the fact that once a user starts encrypting backups all future backups have to be encrypted does not make sense. If a user has possession of the device and knows the passcode to open and the Apple ID/PW, he has access to everything on the phone itself. The user should be able to delete the encrypted backup from iTunes (he can do so now) and then do a new backup without encryption if he so desires without the need to restore as new. No security would be compromised as the encrypted backup is not used and everything on the phone is already available to the user as-is. As I mentioned, requiring all future backups to be encrypted forever does not seem logical.

Exactly.  I have the device.  I use it regularly.  The fact that I can no longer back it up is ridiculous.  I should be able to simply create and point it to a new non-encrypted backup file.

So, back it up to iCloud. Then erase it. Then back it up to iTunes as an un-encrypted backup. Then restore from the iCloud backup. Then back up to iTunes again.

GB

iCloud is too small to hold the data.  I'd have to purchase additional space just so I can reconfigure my backup settings, not to mention the time involved to backup and restore.  If you've ever restored a 64GB device from iCloud you know the hours involved in that process.  I was hoping for a solution that wouldn't take days to accomplish.  I'm afraid Apple has applied the screws to me on this one.

gail from maine wrote:

So, back it up to iCloud. Then erase it. Then back it up to iTunes as an un-encrypted backup. Then restore from the iCloud backup. Then back up to iTunes again.

That should work, space permitting. Your workaround shows that requiring all future iTunes backups to be encrypted is not needed for security reasons. I am going to bookmark your workaround as others may benefit.  

elcpu wrote:

 

It is clear why an encrypted backup cannot be restored without the password. If there were backdoors then the backup would not be secure. However, the fact that once a user starts encrypting backups all future backups have to be encrypted does not make sense. If a user has possession of the device and knows the passcode to open and the Apple ID/PW, he has access to everything on the phone itself. The user should be able to delete the encrypted backup from iTunes (he can do so now) and then do a new backup without encryption if he so desires without the need to restore as new. No security would be compromised as the encrypted backup is not used and everything on the phone is already available to the user as-is. As I mentioned, requiring all future backups to be encrypted forever does not seem logical.

FBI: Tell us your iPhone passcode.

You: No, under the 5th Amendment I am not required to.

FBI: OK, then tell us your iTunes backup passcode.

You: No, see my previous answer.

FBI: OK, we will delete the encrypted backup, then make a new unencrypted backup, which we can do because we have your computer and your phone already has a trust relationship with the computer, because you have made other backups. We can then erase your phone, then restore the now unencrypted backup. Or just extract data from the backup.

An iCloud backup does not back up everything on the phone. It only backs up app data. Not music. Not photos. Not apps. I have a 128 GB iPhone, with 100 GB used, and my iCloud backup is 5.8 GB. And that includes the 3 most recent backups. So backing up to iCloud, then erasing the phone to remove the encrypted backup, is a viable solution.

elcpu wrote:

 

gail from maine wrote:

So, back it up to iCloud. Then erase it. Then back it up to iTunes as an un-encrypted backup. Then restore from the iCloud backup. Then back up to iTunes again.

That should work, space permitting. Your workaround shows that requiring all future iTunes backups to be encrypted is not needed for security reasons. I am going to bookmark your workaround as others may benefit.  

The iCloud backup and all subsequent backups will no longer contain the secure data included in the encrypted backup (app passwords, secure notes, etc). An iCloud backup simply does not contain some of the data of an encrypted iTunes backup.

Lawrence Finch wrote:

FBI: Tell us your iPhone passcode.

You: No, under the 5th Amendment I am not required to.

FBI: OK, then tell us your iTunes backup passcode.

You: No, see my previous answer.

FBI: OK, we will delete the encrypted backup, then make a new unencrypted backup, which we can do because we have your computer and your phone already has a trust relationship with the computer, because you have made other backups. We can then erase your phone, then restore the now unencrypted backup. Or just extract data from the backup.

What is your point?

Michael Black wrote:

 

elcpu wrote:

 

gail from maine wrote:

So, back it up to iCloud. Then erase it. Then back it up to iTunes as an un-encrypted backup. Then restore from the iCloud backup. Then back up to iTunes again.

That should work, space permitting. Your workaround shows that requiring all future iTunes backups to be encrypted is not needed for security reasons. I am going to bookmark your workaround as others may benefit.  

The iCloud backup and all subsequent backups will no longer contain the secure data included in the encrypted backup (app passwords, secure notes, etc). An iCloud backup simply does not contain some of the data of an encrypted iTunes backup.

That is not correct. An iCloud backup IS encrypted, using a different encryption key than the one in an iTunes backup. An iCloud backup contains the same information that an encrypted iTunes backup contains. See this for what is included in each backup type: About backups in iCloud and iTunes - Apple Support

My point is that allowing an unencrypted backup to be made of a phone that previously had an encrypted backup is a huge security hole. It's the equivalent of not making an encrypted backup in the first place. The phone has no way of knowing if it is the authorized user or a third party that is removing the encrypted backup.

Lawrence Finch wrote:

 

My point is that allowing an unencrypted backup to be made of a phone that previously had an encrypted backup is a huge security hole. It's the equivalent of not making an encrypted backup in the first place. The phone has no way of knowing if it is the authorized user or a third party that is removing the encrypted backup.

As Gail showed, there is a workaround. And deleting an encrypted backup is not a security hole, nothing in the backup is read, it is just deleted.

I have no problem with Gail's solution. It's one that I have recommended in the past.