iOS and iCloud Keychain Are Hostile to Backups
In my view, a useful backup system must be (1) chronological, (2) granular, and (3) redundant.
It seems like iOS iCloud backups provide none of these. I thought iCloud Backup used to store multiple backups for each device, and that I could delete older ones to free up space, but now when I go into the settings I don’t see a list of backups, just the date of the “Last Backup.”
The backups are not granular. There’s no way to restore the data for a single app.
Maybe the underlying AWS or Azure storage is geographically redundant, but the most important data like photos and messages aren’t even stored by the backup system. There’s just a single copy of the current data. For most people, the data doesn’t all fit on device so there’s no redundancy that way, either.
iCloud Keychain stores only one version of your passwords, the latest version, so it’s not chronological. You can’t extract a single password from iCloud Keychain without restoring—that is, overwriting—every password, so it’s not granular. And the only way you can restore your iCloud Keychain passwords is via Apple’s online iCloud service, so it’s not redundant. If you lose access to iCloud for some reason, such as an internet outage or an account lockout, or if your iCloud Keychain data becomes corrupted in some way—which happens!—then you’re left with no alternative backup.
I think the fairest way to characterize iCloud Keychain is not as a backup system but rather as a sync system.
[…]
Contrast iCloud Keychain to the login keychain on your Mac. The login keychain is relatively friendly to backup systems. It consists of a single file on disk that can be copied to other disks and read by the Keychain Access app on any Mac, as long as you know the login password. And you can copy individual keychain entries—a password, secure note, key, or certificate—from one keychain to another keychain, using standard copy and paste.
I use iCloud Keychain with Safari AutoFill because it’s so convenient. But, because I have so little control over it, I don’t use it as the primary storage for any of my passwords. It is the only storage for my passkeys, since PasswordWallet doesn’t support them. Hopefully, there will be more tools for this as credential exchange gets implemented.
You can still view your old secure notes in your keychain, but you can’t create new secure notes. Apple wants you to use the Notes app instead. This is extremely inconvenient, for several reasons. I want to manage all of my passwords and secure notes in one place. I need proper backups, but the Notes app appears to suffer from the same hostility to backups as the Passwords app. And for some reason, unlike the login keychain, locked Notes can’t be locked with your login password unless you enable iCloud Keychain.
Previously:
- Passkey Usability
- Passkeys Credential Exchange
- Passkeys: A Loss of User Control?
- Mac Keychain APIs and Implementations
- SecItem: Fundamentals, Pitfalls, and Best Practices
Amen to that! Jeff is our community's treasure and should be supported in every possible way! His approach, while (sadly!) so rare, is so refreshing and common-sense driven! My favorite reviewer/critic of Apple platforms!
For end users I like that there is at least some backup option that they manage to keep when upgrading their iPhone. At least it gives them a built in 2FA option.
But it’s no replacement for a real password manager, which, as mentioned, has a password history as one of its core features. I have seen end users burned by this.
This is one of the increasingly rare cases that there seems to be a great open standard. I guess it’s not that rare, because it seems to be ignored by the big players. I would love for someone to tell me what is wrong with Keepass.
And furthermore I agree with the above poster. Apple should hire Jeff as a full time critic to fix the real issues Apple has with the meat and potatoes of their software.
Kind of like how Microsoft acquihired Russinovich.
Regarding the annoying removal of Secure Notes functionality: It is still possible to add a Secure Note via the "security" command line utility and afterwards edit it with the Keychain app: https://mastodon.social/@softmaus/113882158862569783
But you can still connect your phone to your laptop and do a backup there that is at least chronological and redundant.