iPhone iCloud backup (password security)


#1

I use Touch ID to unlock my vault in Cryptomator.
If I enable the full iCloud backup of my iPhone, will the plain password for opening my vault be backed up to the Apple cloud?

Thanks in advance


#2

If you use Touch ID, your password is stored in Apple's iCloud Keychain on your phone. If you have enabled the keychain to be included in your iCloud backup, then the keychain and all its passwords are backed up into the cloud. (But of course never in plain text.)


#3

I don’t think that’s quite correct. When you use Touch ID to unlock the vaults, the passphrase is stored in the Secure Enclave. Not in the iCloud Keychain.
So no, your passphrase is not going anywhere.


#4

mhm.
I got my information from here:

There is one exception though: Cryptomator actually stores the cleartext credentials for WebDAV. But(!) the password is stored inside the iOS keychain.

Maybe I got something wrong.


#5

Just to clarify, iOS keychain could indeed be mixed up with the iCloud Keychain. But I meant the so-called Keychain Services (software) which indeed uses the Secure Enclave (hardware).

To answer the initial question: Yes, the password will be backed up. We’re using the attribute kSecAttrAccessibleWhenUnlocked for the passwords accessible via Touch/Face ID.

Items with this attribute migrate to a new device when using encrypted backups.
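
An added example, not part of the thread and not Cryptomator's code: it stores the same secret under `kSecAttrAccessibleWhenUnlocked` and under its `ThisDeviceOnly` counterpart, then reads each item's accessibility class back to show which one is eligible to migrate with an encrypted backup. The service and account names are hypothetical, and it assumes it is called from inside an iOS app.

```swift
import Foundation
import Security

// Hypothetical service name, constructed for this example.
let service = "example.vault-passphrase"

// Accessibility classes whose items do not migrate to a new device.
let deviceOnlyClasses: [String] = [
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
    kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
].map { $0 as String }

func baseQuery(account: String) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: account]
}

/// Store a secret under the given accessibility class, replacing any earlier item.
func storeSecret(_ secret: String, account: String, accessible: CFString) -> OSStatus {
    SecItemDelete(baseQuery(account: account) as CFDictionary)
    var item = baseQuery(account: account)
    item[kSecValueData as String] = Data(secret.utf8)
    item[kSecAttrAccessible as String] = accessible
    return SecItemAdd(item as CFDictionary, nil)
}

/// Read the stored item's accessibility class back; nil if the item is missing.
func migratesWithEncryptedBackup(account: String) -> Bool? {
    var query = baseQuery(account: account)
    query[kSecReturnAttributes as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let attrs = result as? [String: Any],
          let cls = attrs[kSecAttrAccessible as String] as? String else { return nil }
    return !deviceOnlyClasses.contains(cls)
}

/// Constructed sample values: one migrating item, one pinned to this device.
func demo() {
    _ = storeSecret("sample-passphrase", account: "migrating",
                    accessible: kSecAttrAccessibleWhenUnlocked)
    _ = storeSecret("sample-passphrase", account: "pinned",
                    accessible: kSecAttrAccessibleWhenUnlockedThisDeviceOnly)
    for account in ["migrating", "pinned"] {
        print(account, migratesWithEncryptedBackup(account: account) as Any)
    }
}
```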