I lost hundreds of dollars of Bitcoin
I permanently lost some apps and gigabytes of app data
And I nearly lost access to every one of my accounts across the internet (I ended up losing access to only a few)
So today I'm going to be sharing with you all the steps you NEED to follow to make sure the same thing doesn't happen to you
How did this happen?
I preordered an iPhone 15 Pro and chose to trade in my iPhone 11 Pro Max to Apple During the preorder there was a step on screen that gave two options
Option 1: Trade-in your device in store when you pick up your new phone [NEVER CHOOSE THIS OPTION]
Option 2: Mail in your phone with the trade-in kit
I chose Option 1 - my logic was:
"I hate mailing things and I'll already be at the store. It will be convenient."
I have never been more wrong.
The foolproof way to transfer ALL the data from your old iPhone to your new iPhone relies on you having both phones
There's a great tutorial here
The key step is on the transfer your data screen you'll see:
1) Download from iCloud [NEVER CHOOSE THIS OPTION - we'll explore why later]
2) Transfer from iPhone [the best option]
I thought because I had backed up my phone over iCloud and to my Mac that I would keep all my data
I was wrong.
I wiped my old iPhone in the store (effectively deleting tons of unrecoverable data) and handed it over to the Apple Genius
Without my old phone I had forfeited my ability to do the foolproof transfer in the YouTube video above.
But I backed up my data to iCloud and my Mac - doesn't that count for something?
The three tiers of data stored on iPhones
1) iCloud Backup Data (examples: Photos, Contacts, iMessage, etc)
view the full list in your settings under "Apps using iCloud"
iCloud Backup Data is easy to save by running an iCloud backup from your iPhone
This data is also backed up to your Mac if you backup your iPhone in finder (no matter what settings you choose)
2) Cryptographic Data (examples: Two-Factor Authentication Codes, Bitcoin Wallets)
Cryptographic Data IS NOT BACKED UP TO iCLOUD!
Two Factor Authentication Codes
There are two categories of 2FA Code Managers
Ones that allow for cloud backups (Authy, Google Authenticator)
And ones that don't (RSA Authenticate, OKTA Verify)
Google Authenticator codes live on your Google Account and might be recoverable through an iCloud backup
When I recovered from iCloud backup, I lost all my Authy codes (37 accounts)
If you have an Authy Backup (if you don't and you use Authy go make one now) Authy can recover your codes
It takes a week for Authy to recover those codes - better than the months it would take to recover dozens of codes manually
I was able to recover my Authy because it backed up through my Mac's backup of my iPhone
RSA Authenticate and OKTA Verify have no cloud backups that I'm aware of so I've lost access to those codes
Luckily I only had 3 codes between those two apps, and they are all corporate accounts which should be faster to reauthenticate
If you use RSA or OKTA for personal accounts I recommend switching to Google Authenticator or Authy
RSA and OKTA codes should sync if you "Transfer from iPhone" using the tutorial above
Again, that tutorial requires you have BOTH the old phone and the new phone (NEVER GIVE YOUR PHONE TO AN APPLE GENIUS AT THE STORE - ALWAYS SHIP IT GIVEN THE OPTION)
If you have a hot Bitcoin wallet that doesn't back up to iCloud and you don't write down your keys, that Bitcoin is gone
Hot Wallet Best Practices:
Back up any hot wallet seed phrase to a password manager or iCloud (wallets like BlueWallet and Casa do this for you)
Since the seed was generated by an internet connected device, you're not losing much security backing it up to a cloud service
3) App Data not in iCloud (examples: any app on your phone that doesn't show up in your settings under "Apps using iCloud")
I recommend making a list of apps on your phone and comparing the the apps that show up under "Apps using iCloud"
For the apps not using iCloud take stock of which ones have login information
Example: Chase bank is not backed up to iCloud but I have my Chase login information in a password manager
Example 2: Some E-reader apps are not backed up to iCloud and don't have cloud based login information
I hadn't bought a new iPhone in 4 years and during that time my E-reader app got taken down from the app store
Because I did a cloud based backup, that app couldn't be re-downloaded.
This is the case for why you should always "Transfer from iPhone" given that you have the old phone
Those files can persist across devices if the files are manually transferred, but can't download from cloud services
This is likely a very niche edge case, but you'll never know if an app you use all the time has been removed from the app store until you try to redownload it
Hopefully this guide helps you if you're getting a new phone - I plan to revisit this in the future when I get new devices as well
Regenerating dozens of 2FA codes is my personal version of hell and I'd like to help as many people avoid that as possible.
1) Always migrate your iPhone using the old phone
2) In cases of theft or loss make sure you have a full iPhone backup on your Mac/PC
3) Not your keys, not your coins