Secure Password That Survives Restore Backup to New Device


I allow users to create an app level password. I save and retrieve this in the keychain via SFHFKeychainUtils. Everything works fine, unless the user upgrades to a new device and does Restore Backup from the old device. The correct password is never accepted, apparently lost.

The explanation for why seems to be covered in this SO thread: "With an unencrypted backup, you can restore the keychain only to the same iOS device." The result is my passwordIsSet flag indicates YES, with no password to match, and the user is locked out of the app.

What are my options other than storing the password in NSUserDefaults, which obviously is not as secure?

  1. Is there a way to securely store a password that will survive restore backup to a new device?
  2. Is there a way for my app to know it's on a new device, so I could clear the passwordIsSet flag and force the user to create a new one?

Note that I have tested this several different ways. The password is correct. Restoring to the same device works, with or without a device reset. The issue is limited to restoring to a new device.

Thank you.

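The mismatch described in the question (a restored passwordIsSet flag with no keychain item behind it) can be detected at launch by asking the keychain whether the item exists. The following is an added example, not code from the original post; it calls the Security framework directly rather than SFHFKeychainUtils, and the service, account and function names are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical identifiers for this example; substitute the app's own.
static NSString *const kLockService = @"com.example.app.lock";
static NSString *const kLockAccount = @"appPassword";
static NSString *const kLockFlagKey = @"passwordIsSet";

typedef NS_ENUM(NSInteger, AppLockState) {
    AppLockStateNoPassword,     // nothing enrolled
    AppLockStateReady,          // keychain item present, prompt for password
    AppLockStateNeedsReenroll,  // flag came back from a backup, item did not
    AppLockStateKeychainError   // transient failure: change nothing, retry later
};

static NSMutableDictionary *LockQuery(void) {
    return [@{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kLockService,
               (__bridge id)kSecAttrAccount: kLockAccount } mutableCopy];
}

// Store the secret. kSecAttrAccessibleWhenUnlocked items can migrate to another
// device through an encrypted backup; the ...ThisDeviceOnly classes never do.
OSStatus StoreAppLockSecret(NSData *secret) {
    NSMutableDictionary *item = LockQuery();
    SecItemDelete((__bridge CFDictionaryRef)item);  // replace any old item
    item[(__bridge id)kSecValueData] = secret;
    item[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleWhenUnlocked;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    if (status == errSecSuccess) {
        [[NSUserDefaults standardUserDefaults] setBool:YES forKey:kLockFlagKey];
    }
    return status;
}

// Call at launch, before showing the password prompt.
AppLockState ReconcileAppLockState(void) {
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    BOOL flagWasSet = [defaults boolForKey:kLockFlagKey];
    // Existence check only: no kSecReturnData, so the secret is not loaded.
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)LockQuery(), NULL);
    if (status == errSecSuccess) {
        [defaults setBool:YES forKey:kLockFlagKey];
        return AppLockStateReady;
    }
    if (status != errSecItemNotFound) return AppLockStateKeychainError;
    [defaults setBool:NO forKey:kLockFlagKey];  // drop the stale flag
    return flagWasSet ? AppLockStateNeedsReenroll : AppLockStateNoPassword;
}
```

What the app does in the `AppLockStateNeedsReenroll` case is a policy decision: allowing a fresh password there means anyone who restores the backup to another device also gets past the old one.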