Apple Passwords is hostile to backups

In my view, a useful backup system must be (1) chronological, (2) granular, and (3) redundant. A chronological backup system includes multiple historical snapshots of your data, allowing you to recover not only the latest version of your data but also past data that has been deleted or edited. A granular backup system allows you to selectively recover specific fragments of data from your backup without disturbing, deleting, or corrupting the rest of your current data. A redundant backup system includes multiple backups of the same data, stored in geographically distinct locations, to guard against disastrous data loss in one location.

According to these three essential criteria, iCloud Keychain is not a proper backup system. In fact, it fails to satisfy any of the criteria. iCloud Keychain stores only one version of your passwords, the latest version, so it's not chronological. You can't extract a single password from iCloud Keychain without restoring—that is, overwriting—every password, so it's not granular. And the only way you can restore your iCloud Keychain passwords is via Apple's online iCloud service, so it's not redundant. If you lose access to iCloud for some reason, such as an internet outage or an account lockout, or if your iCloud Keychain data becomes corrupted in some way—which happens!—then you're left with no alternative backup.

I think the fairest way to characterize iCloud Keychain is not as a backup system but rather as a sync system. And there's nothing inherently wrong with a system that's dedicated exclusively to syncing data between your devices. The problem is not simply that iCloud Keychain provides no backup system but also that iCloud Keychain is hostile to backup systems.

Leave a Comment