You should also make sure that you're making full use of Keychain for password storage. Then, for most things, you only have to remember one password.

elcpu wrote:

 

Meg St._Clair wrote:

 

However, in the case of the back up, you should be able to delete the encrypted back up then make a new one. I believe the path to delete it is Preferences>Back up but I don't use iTunes much any more.

 

Sorry Meg but it will not work. Once you select "Encrypt" on iTunes, all future backups will be encrypted by default. Whether you delete the encrypted backup or not makes no difference. All the OP can do is this:

If you forgot the Encryption Password:

https://support.apple.com/en-us/HT205220

There is a workaround that Demo mentioned but it is time consuming. To bypass the issue of encrypted backups always being encrypted:  Backup to iCloud. Then erase the phone. Then backup to iTunes as an unencrypted backup. Then restore from the iCloud backup. Then backup to iTunes again.

From: https://discussions.apple.com/message/30209896?tstart=0#30209896

Thought that it used to work that way. Thanks for the clarification.

Sure thing, Meg... 

I don't know the answer to the HIPAA question, sorry, but the encryption process has been in place for quite a while.

Working in healthcare, I can say that it is most likely related to HIPAA requirements, though I'm not aware of any official statement by Apple on the matter.

amyakatrinity wrote:

Is anyone else appalled that there is no password recovery or secure reset in place for encrypted backups????

I would be appalled if there WAS a password recovery capability, because it would mean that any competent hacker could get into my encrypted backup. As soon as you have a way around a password your security is nonexistent.

If you want security you need to be prepared to either remember your passwords, or use one of the many password storage solutions that are widely available. I have 350 different passwords for various websites and backups. I keep them in SplashID Safe, which in itself has a strong (20 character) passcode. That's the only one I have to remember. And just in case I forget it, or I am incapacitated and a family member needs it, that passcode is in a physical home safe. And it's combination is well hidden.

amyakatrinity wrote:

 

Welp, at least I have the iCloud option, at the hefty premium of iCloud storage for a 128GB phone. What about people who can't afford the 1TB plan?

 

 

What on earth do you need a 1TB plan for?  I back up a 64GB iPhone 6, a 128GB iPad Air2 and a 128GB iPad Pro all in the free 5GB of iCloud storage included with every account (I also backup all my iBook ebook and audiobook content there too) .  ICloud backups do not include apps themselves, just their data, nor do they include iTunes Purchased content, or any other data already contained in iCloud by virtue of being sync'd via iCloud. And the backups are highly compressed encrypted binary files. There is no inherent reason to have to pay for any additional iCloud storage to backup a 128GB device.

This thread could easily be different with the subtle change of but a few characters....

What would the level of outrage be for this lead off question...

Is anyone else appalled that there is no  a password recovery or secure reset in place for encrypted backups????

I am absolutely stunned that there is no a password recovery for encrypted iPhone backups.

Somebody stole my laptop containing,  amongst the obvious personal items of mine, an iTunes backup of my phone which includes my personal health data. I had taken the precaution of adding an encryption password to this backup to keep it safe. Or so I was lead to believe.

Like most people, I keep my most personal data on my iPhone, so I knew I needed to protect my iTunes backups with this extra level of security. It seems my Apple ID password was not as secure as I thought and they signed in and used Apple's "reset my encrypted password" online process to reset that encrypted iTunes backup password. They were then able to access all of my personal phone data by simply restoring the supposedly "not accessible without a password" backup to another blank phone.

What IT risk audit team approved this feature, Apple? It is utterly unbelievable that a company of your caliber would set people up to fail like this. Please issue a fix in iTunes for password recovery and override. PLEASE.

Food for thought? Security is in place for very good reasons.

amyakatrinity wrote:

 

iPhone backup is just one piece of the overall storage. My work involves live performances, music recordings, etc. You'd be amazed how quickly 4-hour sets fill up....

So then you're extensive use of iCloud for storage has nothing to do with a normal simple iCloud backup of a 128GB device. 

Ah, that was my point, but you made it much more effectively. Thanks!