Lost Password to iPhone Backup

I can tell you what worked for me. After trying all possible passwords that I would have used (I knew my password was correct) and still to no avial, I decided to make sure my I-tunes software was up to date. I updated my I-tunes software on my PC and alas! It worked. It accepted my password! I was so relieved. Hope this helps.

I used my Windows login password, and it's worked for me on different occasions when I had to transfer data to new iPhone. If you have a password you use to login to your computer, that's what you need to type in when prompted by iTunes for backup password. Hope it will work for you too.

So, I found this thread because I'm having a similar problem, but there doesn't seem to be any proper solution...

Problem: I recently bought a used iMac (that I've restored and reset to my own preferences). Today I intended to replace my older iphone with a newer one I just purchased. I backed up the old iphone for the very first time on this new computer, and I selected the encryption option. I was never asked to create a passcode. Period.

This would imply that itunes is already working with a passcode—a passcode that I did not input. When I tried to backup this data onto the new phone, it asked me for a password, utterly baffling me into a stupor.

This was the initial querry of this thread, and I still don't see any explanation here. The most recent responses seem to equate to "you absent mindedly put in a passcode and now you've forgotten it" or "here's a random list of possibilities to try."

Those are simply not a viable answers. They don't explain what is going on. I was never prompted for a password. This happened just a few hours ago, I remember exactly what I did. Even if I had put in some password and forgotten (for the sake of argument, maybe the Men in Black came in and wiped my memory) there are only 3 passwords I currently use and none of those passwords work.

So.... ***?

The answer is really simple.

When you made a backup on some computer and Encrypt Backup was checked you were required to enter a passcode. Twice. Whether you remember doing it or not. That passcode is the encryption key for the backup, and is also saved on your phone. Now if you have a new computer and make a backup, it will be encrypted using the same passcode you entered on the previous computer, because the phone knows about it. You will still have to guess it. Or back up the previous phone to iCloud and restore from that backup.

I have the same problem.

I have a new iPhone. I still have the old one. When I do a backup of the old one, I can't remove the "Encrypt iPhone backup" check mark. Therefore, iTunes encrypts my old phone's data when doing the back up with a password I don't have or can't recall. I can't change it and I can create a new one for a new backup. I am stuck. Any solution folks?

thanks in advance

iCloud encrypted backups do not require a password to be used to set up or restore a device. So, if you are talking about using iCloud to restore your device, then can you explain where you are being asked for a password during the process?

Cheers,

GB

I just got a new iPhone and attempted to use a backup from this April from my previous iPhone. I don't remember putting in a password when I made the backup in April, but it asked for one in order to get that specific backup. None of my usual passwords work.

An iTunes backup, correct? You are just going to have to try every possible password you have ever used for anything. Also try 1234, 9999, 1111, etc. - numbers that you might have put in without really thinking about it.

Best of luck,

GB

Out of intellectual curiosity...

1. Can an iTunes backup be made on a different computer? If "yes," does it have to be the same (unknown) password or can a new password be used?

2. If the user can locate and delete the backup file on the computer, can a new backup be made? Same (unknown) password required?

Philly_Phan wrote:

Out of intellectual curiosity...

1. Can an iTunes backup be made on a different computer? If "yes," does it have to be the same (unknown) password or can a new password be used?

Yes. The backup password will be the same, and cannot be entered again or changed without the original password. the phone "knows" that the backup is encrypted, and knows the encryption key (derived from the password).

2. If the user can locate and delete the backup file on the computer, can a new backup be made? Same (unknown) password required?

If you delete a backup the next backup will still be encrypted with the original password.

When you first create an encrypted backup you enter a password (twice). This password is used to generate an encryption key, which is stored on the phone. The password is not stored. All backups of the phone from that point on will be encrypted with the generated encryption key, regardless of where the backup is stored. Same computer, same computer that has no backups (because they were deleted), or a different computer.

When you restore a backup you enter a password, which is then encrypted (more correctly, hashed). This results in the encryption key, which can then be used to decrypt the backup. Very elegant approach.

It got real scary for me when I went to change the password and I received the dreaded "incorrect password" indication. I was absolutely positively certain that I had the correct password. I confirmed that belief with my paper records as well as an electronic record on the computer. I even checked Keychain and it was again confirmed. Despite my memory as well as all of the confirmations, my password would not be accepted.

I had made the above attempts with a wireless connection. Out of frustration (and I couldn't think of anything else to do), I connected a cable and it worked with no problem!

If you think about it, it's pretty much the only way you can have a truly secure backup. Data must be encrypted at the source (the phone) to prevent interception in transit. And if it was easy to bypass backup encryption by simply backing up to a different computer it would be pretty much worthless encryption with a back door that large.

Here's a (distantly) related example. I manage virtual servers for a client on Amazon Web Services (AWS). They are configured for "no password." Someone logging in must have a private ssh (secure shell) key sent over an encrypted connection; the server has the matching public key. So when I log in my private key must match the stored public key. The public key is stored in a file in the login directory (authorized_keys). Somehow, last Friday, either the login directory or the authorized_keys file became corrupted on one of our servers. We don't know what happened, because we couldn't log in. There is no way around this. The server is now useless, and will be deleted. For truly secure access and/or storage there cannot be a way to bypass it.

I'm not aware of any other backup that can have such a permanent impact.

How about TrueCrypt? Apple's FileVault? Microsoft's Bitlocker? All of those corporate laptops that have hardware encryption built in and used? Even a Mac's optional firmware passcode? The idea of backups and storage that require a passcode to decrypt is common, and very widely used.

The point is that the password should be required BEFORE an encrypted backup is allowed. If you don't know your password the backup is useless anyhow. You will at least know that you need to find another option instead of going on assuming you will have future access to you encrypted backup.

riptide30 wrote:

The point is that the password should be required BEFORE an encrypted backup is allowed. If you don't know your password the backup is useless anyhow. You will at least know that you need to find another option instead of going on assuming you will have future access to you encrypted backup.

The password IS required BEFORE an encrypted backup is allowed. The first time you make an encrypted backup you are prompted to enter a password - twice. If you don't enter a password you cannot proceed with the backup. And that password never changes, unless you explicitly click "Change password". And then you have to enter the original password.

Lawrence Finch wrote:

...unless you explicitly click "Change password". And then you have to enter the original password.

If you do that with a wireless connection, you will receive a bogus "incorrect password" response. It happened to me when I absolutely positively knew that I had the correct password. After much weeping and gnashing of teeth, I decided to connect with a cable (because I couldn't think of anything else to do) and everything worked perfectly.