Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Advanced Data Protection key management

W

Wizec

macrumors 6502a
Original poster
Jun 30, 2019
682
782
I'd like to enable ADP (Advanced Data Protection), but I'm not sure what the best way is to store the key.

Some pros and cons of the methods I've considered:

Memorizing the Key​

Pros:
  • I'm the only one that knows the key
  • It can't get lost like a slip of paper, or lost in a password app if it gets breached or I can't log in to that app for any reason
Cons:
  • Hard to memorize
  • Subject to memory loss down the road if I don't use it enough

Storing in Apple Passwords (or any Password Manager)​

Pros:
  • If I store it in Apple Passwords, I can retrieve it from my iPad or my iPhone quite easily
  • The passwords app also requires FaceID to open
Cons:
  • If my devices get lost, stolen or damaged beyond repair, my ADP key is lost

Paper Storage​

Pros:
  • Easy to retrieve from say, my wallet
Cons:
  • Storing it in my wallet is fraught with risk of theft, or being misplaced and lost
As I understand it, I can't set up a new Apple Device and restore from iCloud without the ADP key. Any security experts out there that have a better handle on ways to get ADP enabled and manage the key than the ideas I've listed? TIA!
 
Or encrypted Word, Excel file(s) stored in a non-Apple cloud account.

Paper copies can be put into a safe deposit box if one has one. Ditto a USB drive with a file containing the key.

Or 3rd party, cross-platform password manager.

Wizec said:
If my devices get lost
Click to expand...

If "devices", yes possible, but how likely is it that ALL devices are lost/gone at the same time?

No perfect answer, but yes to all of the OP options is perfectly valid as need a robust backup method/process. So like a good data backup strategy, need multiple copies, multiple places so you don't have a single point of failure. Will need to figure out what combo of options work the best for you and are most comfortable dealing with.

(TLDR: I've got encrypted recovery keys all over the place: four cloud accounts, multiple external drives, 3rd party password app)
 
  • Like
Reactions: Wizec
I store it in 1Password, and share that with a few others I trust. That way, even if *all* my devices are destroyed, I have a way back into the account by having family members help me out.
 
  • Like
Reactions: Wizec
I've got mine saved in 3 places

  1. 1Password
  2. DropBox
  3. iCloud Drive
The way I justified Dropbox was that I have a 100 character password for my account AND MFA enabled. Sure, no security implementation is perfect but I figure having as many obstacles to it is better than nothing at all. As for 1Password, same thing. My MFA and secret key alone make it extremely difficult to get to.
 
Interesting ideas. Thanks for the responses.

This is definitely not something that I can easily tell my non technical friends to just set and forget 😊 It requires understanding and planning to pull off without scuttling one’s own ship.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back