iTunes asking for backup password???

Ran into this issue tonight. The whole family was due to upgrade smartphones, and, humorously, I dumped by iPhone 5s for a Galaxy Note 5 because I was absolutely sick of dealing with Apple's crap integration with non-Mac platforms.

Anyway, I backed the wife's iPhone up on my PC before we went. I purposefully created a non-encrypted backup, because I knew the file would only be temporary. She wanted to stay with Apple, so I brought her new iPhone 6 home and went to restore the backup and - Surprise - it asked for a password.

For the next two hours, I tried every trick in this thread and none of them worked - it wasn't either of our Apple ID passwords, it wasn't any permutation of any Apple password with or without numbers or capital letters. It wasn't my PC Windows login password, nor anything else I use regularly ... turned out - for some freaking inexplicable reason - it applied the password I use to log in to my Citrix remote sessions for work. It's nothing my wife EVER used on her cell phone, nor nothing I ever used for any Apple login ever. Absolutely ridiculous.

So tired of Apple and this kind of crap. I made the decision to dump Apple the minute I upgraded my iOS last time and found out I could no longer do home network streaming without paying $10 per month. Tonight's escapade just reinforced my belief I made the right choice. Enjoy your iDevices folks ... I'll be Apple Free starting tomorrow morning !

And you really think that your phone read your mind and entered one of your passwords on its own.

Really?

Csound1 wrote:

And you really think that your phone read your mind and entered one of your passwords on its own.

Really?

No. I believe it pulled a password I used in a different App on the same PC and applied it to my backup file despite the fact "encryption" was unchecked in iTunes. It's a lot more plausible than 21 pages of users reporting the same mass delusion.

After 36 years of programming and using PCs, I'm pretty observant about such thinks as whether I've entered a password, and what that password was. My routine is rather specific - if I enter a password - FOR ANYTHING - it simultaneously gets recorded in the mystical place where I keep all my passwords. The only reason I was able to determine the password iTunes used when creating the backup was working my way back through that password list.

Perhaps the greatest thing about switching phone platforms is that I will never, ever have to boot up iTunes again in my life. What a steaming pile of coding that is.

After 36 years of programming you should know that passwords on a computer are not stored in a way that they can be pulled from a password store without the cooperation of the user. And passwords are not stored in plain text anywhere on your computer; they are stored either encrypted or using an irreversible hash. So what you think happened is simply impossible.

With 36 years of programming, he would have also discovered that programmers, including programmers at Microsoft and Apple are infallible and never make mistakes. (Such as the iTunes programmers who might be referencing stored credentials in the Windows Credential Manager, many of which, due to the infallible wisdom of Microsoft, are stored in an unencrypted (or perhaps decrypted while the user is logged in), insecure way, perhaps referenced by iTunes by an index of an enumeration of credentials, or by a (repeatedly used) username, instead of by an application-unique identifier, and iTunes is either accessing the insecure unencrypted password directly, or else conducting a forward hash against an existing credential's hash in order to unlock the never-encrypted backup from the interface that iTunes locked without the user asking. I don't know exactly how this works, but I don't need to do further research since surely there has never been any security breaches regarding the storage of passwords, ever, in the history of computing, so this is simply impossible.)

Here I am now, looking at Nirsoft Password Recovery tool, seeing a whole bunch of my Windows passwords in clear text, without forward hashing, but since this is impossible, I must also be suffering delusions.

"Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth." And the truth must therefore be that this support forum should support its people by handing out medication for mass delusion. "Think different," indeed.

FWIW, I'm inclined to stick with Apple for mobile devices, and their stubbornly flawed and (partially) broken iTunes software because they do seem to take security more seriously than Android (or Microsoft, although they improved the credential storage in Windows 8.) However, the quality of support in this forum thread remains hostile to people having legitimate problems, so that doesn't speak well for the community of Apple users.

Yes of course, after all, users never make mistakes do they?

You have a good one now

Lawrence Finch wrote:

After 36 years of programming you should know that passwords on a computer are not stored in a way that they can be pulled from a password store without the cooperation of the user. And passwords are not stored in plain text anywhere on your computer; they are stored either encrypted or using an irreversible hash. So what you think happened is simply impossible.

Yes, obviously there is a 21 page thread dating back over 4 years discussing a problem that doesn't exist. I am sure myself and the hundred or so other users on this thread are all idiots and/or inventing this issue. I mean, that's the only explanation right ? That we all have nothing better to do than perpetuate this myth of inexplicable passwords being attached to backup files ? God knows there wouldn't be a problem with the code Apple wrote, right ?

Whatever - don't really care. I posted how I solved it for anyone else who suffered the same mass delusion - basically just start working through any password you ever used for any piece of software you used on the PC you made the backup file on, and you may eventually stumble across the password associated with the backup file. Good luck !

I think that since Apple can lock down a computer that's halfway across the world using icloud, they could also offer an option to use that technology to give the necessary credentials to unencrypt a local file. Obviously many people are losing data because of the current situation, and whether they mistakenly input a password without realizing it or simply forgot it, there could be a method of resolving it using the icloud platform, if Apple were so inclined.

Yes, pretty standard advice for when you forget a password, writing it down before you forget it is also a good method.

Hotchili wrote:

I think that since Apple can lock down a computer that's halfway across the world using icloud, they could also offer an option to use that technology to give the necessary credentials to unencrypt a local file. Obviously many people are losing data because of the current situation, and whether they mistakenly input a password without realizing it or simply forgot it, there could be a method of resolving it using the icloud platform, if Apple were so inclined.

iTunes backups are local, nothing to do with the cloud.

The answer is not to forget the password, or if you are incapable of that, don't use one

Hotchili wrote:

I think that since Apple can lock down a computer that's halfway across the world using icloud, they could also offer an option to use that technology to give the necessary credentials to unencrypt a local file. Obviously many people are losing data because of the current situation, and whether they mistakenly input a password without realizing it or simply forgot it, there could be a method of resolving it using the icloud platform, if Apple were so inclined.

Activation Lock does not touch your computer or iOS device. It marks it as locked in THEIR servers. Apple has no access to your computer at all, and the backup passcode is stored only on your computer. That is intentional, so no one can accuse Apple of stealing or accessing your data. And so Apple can legally refuse to unlock your backup for spy agencies or law enforcement, because it is technically impossible. If there were any way for Apple to decrypt your backup, it would just be a matter of time before some hacker figured it out. Be careful what you wish for. This is the whole political argument for "back door" access that the FBI, CIA, NSA, GCHQ some legislators want to mandate.

TThank you so much, very good advice.

Thats exactly right,

Basically if you never encrypted your backup it would not ask for your password

Regards

After hours of problems, this actually worked! I had a ! in my password, took it out and left everything else and it's now downloading the backup!?!?!