Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Wizec

macrumors 6502a
Original poster
Jun 30, 2019
680
776
I'd like to enable ADP (Advanced Data Protection), but I'm not sure what the best way is to store the key.

Some pros and cons of the methods I've considered:

Memorizing the Key​

Pros:
  • I'm the only one that knows the key
  • It can't get lost like a slip of paper, or lost in a password app if it gets breached or I can't log in to that app for any reason
Cons:
  • Hard to memorize
  • Subject to memory loss down the road if I don't use it enough

Storing in Apple Passwords (or any Password Manager)​

Pros:
  • If I store it in Apple Passwords, I can retrieve it from my iPad or my iPhone quite easily
  • The passwords app also requires FaceID to open
Cons:
  • If my devices get lost, stolen or damaged beyond repair, my ADP key is lost

Paper Storage​

Pros:
  • Easy to retrieve from say, my wallet
Cons:
  • Storing it in my wallet is fraught with risk of theft, or being misplaced and lost
As I understand it, I can't set up a new Apple Device and restore from iCloud without the ADP key. Any security experts out there that have a better handle on ways to get ADP enabled and manage the key than the ideas I've listed? TIA!
 

NoBoMac

Moderator
Staff member
Jul 1, 2014
6,257
4,944
Or encrypted Word, Excel file(s) stored in a non-Apple cloud account.

Paper copies can be put into a safe deposit box if one has one. Ditto a USB drive with a file containing the key.

Or 3rd party, cross-platform password manager.

If my devices get lost

If "devices", yes possible, but how likely is it that ALL devices are lost/gone at the same time?

No perfect answer, but yes to all of the OP options is perfectly valid as need a robust backup method/process. So like a good data backup strategy, need multiple copies, multiple places so you don't have a single point of failure. Will need to figure out what combo of options work the best for you and are most comfortable dealing with.

(TLDR: I've got encrypted recovery keys all over the place: four cloud accounts, multiple external drives, 3rd party password app)
 
  • Like
Reactions: Wizec

WolfSnap

macrumors 65816
Sep 18, 2012
1,112
1,003
SoCal
I store it in 1Password, and share that with a few others I trust. That way, even if *all* my devices are destroyed, I have a way back into the account by having family members help me out.
 
  • Like
Reactions: Wizec

jedimasterkyle

macrumors 6502a
Sep 27, 2014
571
866
Idaho
I've got mine saved in 3 places

  1. 1Password
  2. DropBox
  3. iCloud Drive
The way I justified Dropbox was that I have a 100 character password for my account AND MFA enabled. Sure, no security implementation is perfect but I figure having as many obstacles to it is better than nothing at all. As for 1Password, same thing. My MFA and secret key alone make it extremely difficult to get to.
 

Wizec

macrumors 6502a
Original poster
Jun 30, 2019
680
776
Interesting ideas. Thanks for the responses.

This is definitely not something that I can easily tell my non technical friends to just set and forget 😊 It requires understanding and planning to pull off without scuttling one’s own ship.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.