Q: Lost Password to iPhone Backup

dropsdamike wrote:

 

Its normally the admin pw to your computer if you did not set one before backing up...depending what version of iphone and itunes.

It's not "normally" anything. It is whatever you set it to the first time you created an encrypted backup. You can prove this to yourself by reading the thread you posted to. There must be over a hundred different passwords that have been mentioned as THE password that worked.

Oh good a troll...Considering  there are plenty of users in my organization that that do not encrypt back ups with a pw yet were prompt for one when restoring(and have verified this by having them back up and restore in front of me) you can take your pretentious " level 7 " comments else where. This is a help forum and I was just offering my insight so you can take it or leave it without trying to act like a know it all.  Or were you trying to discourage other users from posting. What a sad little man, criticizing someone just trying to help...such a loser. You give IT a bad name.

I didn't criticize you; you took on that mantle yourself. I just pointed out that you are wrong, and that reading the thread you posted to would prove you wrong. Here are some quotes from the thread:

• I applied the Yosemite OSX password and the restore process completed.
• YES!!! I used my MacBook password and it worked.
• I used the password I made OVER TEN YEARS AGO and haven't used since.
• 1234 it was!
• For what it is worth, I think Lawrence Finch is right.  I tried all my old passwords, all the tricks listed in this thread and finally went back to one really old password that worked.
• Just wanted to let you know that password I used to backup/restore my iPhone (6) was exactly the password to unlock my previous iPhone (4S) screen when it went to sleep.
• In my fury I typed 1234, and it worked.
• tried my UNLOCKING CODE (the one that you put to unlock and use your device) with 4 numbers and... IT WORKED!!!
• I used the same password as for my email and it works
• i entered the one password i have for everything and iTunes accepted it and my iPod is actually restoring my backup right now. I remember that i actually entered that password about 6 months ago, but i didn't know what it was for.
• My problem was solved by entering my Apple user password in lower case.

The users in my firm do not have the company admin profile PW nor does the IT dept install iTunes. They set up Icloud back up. The users install Itunes themselves so there is not a possibility that all of these users just randomly used the same admin PW for ITunes back up, aside from the fact I have seen it first hand on a fresh laptop so all I am saying is that the possibility remains. So think and say what you want to stroke your hubris on being right... I was just posting incase it help someone else. Ill be sure not to make that mistake on any discussions you have posted in again.

Don't be this guy, nobody likes him...lol

Though you were right on one thing, you comments did not criticize...just very condescending. Sorry for being rude, its been a long day already.

I'm sorry if I came across as condescending. You're not the only one with a long day. Have a happy New Year.

Interesting dropsdamike. But is it possible your administrator images your employees with an os that already has this iTunes password embeded in some keychain somewhere? Maybe because the prototype instance at some point was being used that way?

idou747 wrote:

 

Interesting dropsdamike. But is it possible your administrator images your employees with an os that already has this iTunes password embeded in some keychain somewhere? Maybe because the prototype instance at some point was being used that way?

It doesn't work quite that way. However, if you use your own phone, but install a company MS Exchange account on the phone the IT administrator can install a security profile on the phone. Some of the options allow the admin to wipe the phone, to require encryption and to filter email content. If the admin chooses encryption (which is a default setting) then backups are automatically encrypted. The user may be allowed to choose the encryption key, or it may be set to the domain password in effect at the time of the first backup. It never changes, however, so if you restore a backup 3 years later the encryption key will still be that original domain password.

This issue just happened to me today. I never ever remember setting up a password... especially in my latest back up.

But after trying every single password I've ever used... it turns out that it ended up being a random password I used 9 years ago when I first got the computer. My advice would be to keep trying old passwords. And if anyone else ever used your computer in the past, even 9-10 years ago... try to get some passwords off of them too.

Maybe itunes backup is working as designed, or maybe it is broken. Either way something is undeniable... The idea to use some backup password that you may have set up years ago and then forgotten and never used is a totally brain dead design.  Apple needs to rethink this, either by using some password that is guaranteed to be current because it is being used regularly, or else to periodically prompt you for it to check its currency. (And for god's sake, don't prevent you starting a new backup regime with a new password like Apple does now... Sheesh). Maybe someone will sue Apple and that will bring them to their senses.

idou747 wrote:

 

Maybe itunes backup is working as designed, or maybe it is broken. Either way something is undeniable... The idea to use some backup password that you may have set up years ago and then forgotten and never used is a totally brain dead design.  Apple needs to rethink this, either by using some password that is guaranteed to be current because it is being used regularly, or else to periodically prompt you for it to check its currency. (And for god's sake, don't prevent you starting a new backup regime with a new password like Apple does now... Sheesh). Maybe someone will sue Apple and that will bring them to their senses.

The difficulty is that it's technologically impossible to change the passcode without the old one. It's really a mistake to call it a passcode - it's actually the encryption key for the backup. All of the content of the backup is encrypted using the passcode as a key. The advantage is that if you choose a good passcode no one can decrypt your backup; not the FBI, the CIA, NSA or any other spy or police agency. Or someone who steals your computer. So it isn't stored anywhere, unless you use a keychain app, and there's no place to change it.

Along with the security of the backup, it would be worthless if you could start a new backup without encryption, because that would mean that anyone who stole your phone could create a new backup without encryption.

Several governments are asking Apple to rethink keeping your data secure. If they win then you could always ask the FBI or your local police to decrypt your backup.

If you have forgotten your backup passcode you can still back up and restore your phone without the passcode using iCloud backup, which is encrypted differently and doesn't require you to remember your passcode. And if you are in the habit of using poor passcodes there are passcode crackers around that can help you find the passcode. As the encryption is 256 bit AES this will only work for weak passcodes, however.

Lawrence, I don't think iTunes will let you do anything with the phone, backup or otherwise, without unlocking it, so your theory that all this mess somehow is protecting your data doesn't seem to wash. And why don't they just encrypt the backup with your password /pass code? If you deemed it enough to protect the physical phone it should be fine to protect the backup, no?

idou747 wrote:

 

Lawrence, I don't think iTunes will let you do anything with the phone, backup or otherwise, without unlocking it, so your theory that all this mess somehow is protecting your data doesn't seem to wash. And why don't they just encrypt the backup with your password /pass code? If you deemed it enough to protect the physical phone it should be fine to protect the backup, no?

They don't encrypt it with your passcode because once you create a passcode Apple doesn't know what it is, unless you save it in your keychain. Passcodes are salted and hashed, and the hashed passcode cannot be used to determine the original. This is standard practice for anyone who stores passcodes, except really stupid and naive websites. When you enter a passcode later to access a site or, say, the iTunes store, they again salt and hash what you entered, and if it matches the currently saved hash it accepts the passcode. (If you want further information on how this works see: https://en.wikipedia.org/wiki/SHA-1). This is also why iTunes cannot randomly choose a passcode you have used for other things on your computer; it has no way of knowing what those passcodes are.

And perhaps you share that passcode with someone (to share the iTunes stores, for example), but you don't want them to have access to your backup? There's been much discussion on the forums lately about sharing iCloud IDs, and how to prevent someone who shares your ID from seeing your messages, phone calls, and other personal information.

Lawrence, while computers don't store passwords in permanent storage for the reasons you cite, they can and do store them in temporary storage.  Take for example the iTunes Store allows you to keep buying apps for a certain time with Touch ID. Other apps like 1 password take advantage of this and keep all your passwords available after your first login if you press Touch ID. They can do this by putting decrypt passwords in RAM which disappears when the system is shutdown.

So while your device doesn't permanently store your password, it COULD put it in temporary storage once you successfully enter it. Once it's in temporary storage it could be the basis for the backup.

There's another option also... The salt of your password could be the password for your backup. It doesn't have to be your password as long as it's something that can be ascertained from your password.

People who want others to access their physical phone and yet not their backups are arguably morons. However, nothing stopping the system supporting such odd things, I just don't see why it should make every normal person's life a misery.

You raise a good point. However, if you set the password to whatever your Apple ID password was when the backup was created, and you later change your password, there's still no way to change the encryption key for backups that already exist without that original password. Most of the problems seem to be with people who forgot that original password. But it's a good start.