How to recover a lost iPhone backup password — 5 ways

Updated
Cover image for: How to recover a lost iPhone backup password — 5 ways

iPhones and iPads enable users to password protect their backups, and when they choose to do this their data is secured in an encrypted backup.

What is an iPhone backup password?

An iPhone or iPad backup password — sometimes called an iTunes backup password — is set when backing up your iOS device in an encrypted format. The password is securely stored on your device, so that whenever it is called upon to produce a backup, it will generate an encrypted one.

When you choose to protect your backup, you'll need to remember your backup password to ever access that backup's contents. This password is set separately from your iPhone's passcode or your Apple ID's password. So whilst you may set the password to anything you like, resetting your Apple ID won't help you recover it.

Over the years Apple have used a few different formats for protecting their encrypted backups. The last big change was made as part of the iOS 10.2 release. iPhone Backup Extractor fully supports all versions of encrypted iTunes backups, as well as iOS backups made by any other software.

How to reset your backup password and create a new backup

If you forget your backup password but don't need access to your backup's contents, you can overwrite it with a new backup:

  1. On your iOS device, go to SettingsGeneralReset.
  2. Tap Reset All Settings and enter your iOS passcode.
  3. Follow the steps to reset your settings. This won't affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.
  4. Connect your device to iTunes again and create a new encrypted backup.

Be aware that this will overwrite any pre-existing iPhone backup you might have, and all data included in them.

How to recover a lost iPhone backup password

If you've lost or forgotten your iTunes backup password, there are a few techniques you can use to try to recover it.

1. Try known passwords

First, it's worth trying a bunch of passwords that you might have used. There's no penalty to trying a number of different passwords in iTunes, although each check can take a little while. There's no such thing as a default password for an iOS backup.

Perhaps you used one of the following:

  • Your iTunes, Apple ID or iPhone password
  • Your email password
  • Your computer's login password
  • Something simple like password, 1234, letmein, 0000, or so on.

Passwords are set on the device, not by your computer. If your device was bought or configured by somebody else, it's possible that you need to ask them for the password.

2. Check the macOS keychain

If you use a Mac and configured the iTunes backup password on that Mac, your computer may have kept a record of the password in its keychain.

You can check this by loading the "Keychain Access" app that comes with every Mac.

  1. Launch Keychain Access by opening Spotlight with ⌘ Cmd + (space), typing "Keychain Access", and then hitting ⏎ Enter.
  2. Click "Passwords" in the left-hand category sidebar.
  3. Type "backup" into the search box in the top-right of the window.
  4. View the saved password entries by double-clicking on results named iOS Backup or iPhone Backup.
  5. Check the "Show password" box and the password will be displayed.

Unfortunately, there's no simple equivalent of doing this for Windows users.

3. Backup to iCloud, erase the device and restore

There's also a nuclear technique for removing an iTunes backup password setting from your device. Enable iCloud backups under settings, back it up, then erase and restore it.

This process is long-winded -- especially for users with a lot of data or a slower connection -- and ideally avoided. You can see our guide to making an iCloud backup to follow this approach.

4. Brute-force the backup password

Apple provide technical details on how encrypted backups work. Simply put, modern iOS backups use AES-256, with 10,000,000 iterations. That makes checking a single password slow enough, even if it's the right password. Trying many different passwords with a tool like hashcat is a very slow process. Users can export a hash from their backup for use in hashcat with our free rictl tool with the following command:

$ rictl backup info -u 00009034-002E650A01AE001E | grep -i hash
Password Hash: $itunes_backup$*10*1B79213926050E5A3ACCD9EB2FDF8F43FAFD1E5F57CA51E5950D4AF6FED663D3FD7E183923F605F6*10000*5FC56B80AA8D8A79B78C9F4CD5CEEFB4C213D495*10000000*565B837B6E69B7F4786114E3835971AE0E2E5979

Assuming the password had 8 digits, limited to only upper or lower-case English letters or numbers — and no punctuation symbols — there would be 218,340,105,584,896 (628) possible combinations.

Using a $1,300 GeForce 1080 Ti GPU, it would be possible to try around 100 passwords per second, which would mean it would be possible to break that password in around 69,000 years. That's substantially before the heat death of the universe, but it's still a long way away. The process could be sped up with a machine with 4x $5,000 Nvidia K80 GPUs, but even with a 10x improvement it would still take around ten thousand years, and the electricity consumption would be enormous.

Earlier versions of iOS created backups with much weaker encryption, as below:

Version Guesses per second Simple 8-digit password recovery time
iOS 10.2 or above 100 69,000 years
iOS 10.0 - 10.1 6,000,000 421 days
iOS 4 - 9 150,000 46 years

Thus, from a practical perspective, it can be possible to recover a password if one has a general idea about its form, such that a few hundred or thousand guesses would find it.

How to speed up password recovery with an ASIC or quantum computer

You might ask, what about quantum computers, or dedicated hardware? Let's take a look.

You might be curious about working with a university with access to quantum computing resources. Whilst there are quite a few click-bait articles out there on the amazing powers of the technology, it doesn't make cracking strong encryption much easier.

There are two good resources on this: this sober paper (nicely summarised by The Register: "Grover's algorithm would need about 1032 years to crack SHA-256"). Then there's this, less sober article, which suggests that even if one were to build a Dyson sphere and capture all of the energy radiated by the sun it might still be hard. 🤷‍♂️

There's another approach that might be faster than general quantum, and that's using an ASIC. This is essentially a custom piece of hardware that is designed specifically for the encryption algorithm one wants to break. Whilst it sounds like everything either uses SHA-1 or SHA-256, the reality is that the parameters used with the encryption matter, which from a practical perspective means you'd need to get one made for the iPhone backup algorithm, rather than being able to use a generalised device. In this case, an iPhone backup uses 10,000,000 iterations of SHA-256. You could probably get a good ASIC built for under $100k, but how much faster it'd be is hard to say. Even if it were 10,000 times faster (it wouldn't be!) it would still be too slow.

The problem ultimately is that even if recovery is worth $250k, the cost of nailing a decent password is substantially greater. Few people have the appetite for the equivalent of a mortgage on an attempt with at best a fraction of percent chance of success in their lifetime.

Given how brutal the brute force probabilities are, that points to using a structured process to recover or trigger memories of a lost password. If the value of recovery is great enough, we'd recommend a process like this:

Freezing all your data to prevent accidental overwrites, deletions or modifications

  • Buy new hard-disks for your computers, then pull out every disk and USB stick out of every device you own (computers, laptops, Time Machine devices) and quarantine them
  • Replace your mobile devices with new ones and quarantine your current devices
  • Dump and archive every online storage system you use (eg. Google Drive, Dropbox, iCloud Drive)

Triggering memory responses

  • Look back at photos from the time, visualising the equipment and environment you had
  • Use iPhone Backup Extractor to examine your messages histories from the time to see who you were talking to at the time and what you were was talking about

Intensively search for potential password variants

  • Dump all macOS, iOS and Google keychain passwords and feed them into a password list
  • Dump all passwords from your password managers and feed them into a password list
  • Scan all of the archived disks and USB sticks for any form of file that could have been a password archive or a message, photo or note entry that might be a memory trigger
  • Run a painstaking sector-by-sector testdisk scan on your disks and device images for deleted data

5. If in doubt: reach out

Our support team are able to help customers with recovery of lost passwords in some cases. Please do reach out to us using the support details below.

About the author

Aidan Fitzpatrick founded Reincubate in 2008 after building the world's first iPhone data recovery tool, iPhone Backup Extractor. He's spoken at Google on entrepreneurship, and is a graduate of the Entrepreneurs' Organisation's Leadership Academy.

Reincubate's CEO at Buckingham Palace

Pictured above are members of Reincubate’s team meeting HM Queen Elizabeth Ⅱ at Buckingham Palace, after being awarded the UK’s highest business award for our work with Apple technology. Read our position on privacy, safety and security.

How can we help?

Our support team are here to help!

Our office hours are Monday to Friday, 9 AM to 5 PM GMT. The time is currently 8:15 AM GMT.

We aim to reply to all messages within one working day.

Go to support section › Contact support ›
Our awesome support team

Comments (6)

Thank you! Finding the password in Keychain was just what I needed.

God Bless You! I was just about to give up after many hours of tech support etc.

Aww, thanks. Don't be a stranger, reach out if you need help!

Hi! I have same problem can’t remember my password, is it any solution to recover the password?

Sure, drop us a note the support team may be able to help you.

Can't recall "password" used to encrypt my iPhone backup. Please help. OS is Windows 10 Home. Assuming without this password I can't recover any files in my backup.

Hi Tony -- please drop us an email on the link below (or use live chat) and we'll do our best to help.

I backed up my old phone yesterday to itunes not knowing it was encrypted and when I went to restore my new phone to that backup I was unable to because I do not have the encryption password.

Hi Brianna, thanks for commenting! Buzz us on live chat and we'll help if we can. 🙂

goodmorning i've lost all files stored in one backup, because i don't remember the Itunes Backup Password. what can I do? thanks in advance

Hi Nicolas, drop us a note on live chat and we'll see if we can help!


Can we improve this article?

We love hearing from users: why not drop us an email, leave a comment, or tweet @reincubate?

© 2008 - 2019 Reincubate Ltd. All rights reserved. Registered in England and Wales #5189175, VAT GB151788978. Reincubate® is a registered trademark. Privacy & terms. We recommend 2FA. Built with in London.