My backup ate my password (or did it?)

Screen Shot 2012-04-30 at 2.52.33 PM

Imagine the situation, I’m hurtling down the highway and I’m walking through the Carbonite iPhone app with my wife, looking for data we know is sitting on a password encrypted file back at home. Carbonite offers the options to log into your filesystem via a computer browser, or to access your files directly via the trusty old iPhone app.

The trouble is that the Pages file was stripped of its password. What?

So being wired the way I am, I proceed to run some scenarios to figure out what is broken and where.

Scenario 1: Create a new password protected file, wait for Carbonite to back it up and attempt to open it via the iPhone app.

Result: Fail – File opens, password stripped out

Scenario 2: Take the same password protected file and upload it to iCloud.

Option A: make a copy in Pages for iOS.

Result A: Pass – File opens, password intact

Option B: open the orignal file as Pages for iOS.

Result B: Pass – File opens, password intact

Scenario 3: Open file on PC/Mac and access via Carbonite web site via web browser.

Result: Fail – File opens without prompting for password

This begs the question, why is the password stripped out? Am I the only one to find this troubling? Maybe there’s a gap between my expectations and what I bought.

Expectation 1: I can recover all my stuff in the event that a tornado picks up my house and sends it to Oz. This is obviously not met, as my file content is the same, but now I somehow have to remember what I protected, and how.

Expectation #2: Any sensitive document I have is still encrypted even if it is accessible to someone who hacked my carbonite account. What good is all that “upload it encrypted”, if the payload is no longer encrypted at the file level. I would have expected to have access to a mirror image of my filesystem, that can be recovered “as-is”, so that I only have to worry about buying a new Mac, not trying to figure out what was encrypted, and whatever other property the file had pre-upload.

In case there is any confusion, I’m less than thrilled.

UPDATE: May 1, 2012

OK so now I’m thrilled again.

I decided to contact Carbonite today to get some answers (it was nagging at me, as I pick my vendors carefully). Their Customer Support acted promptly and got me chatting with their support team. I shared my desktop with them, I went on to demonstrate the steps that I blogged about above. The password was prompted *every* time. I went on to reproduce the test steps again (and again), new folder, new files, new passwords. Now I can’t get it to not prompt for the password.

So to be clear, I can now download from the web (to my Mac and PC) and from my iDevices and always get the password challenge. So my faith is restored in my backup strategy.

I kind of feel like that guy who goes to the to the garage, and the car doesn’t make the noise anymore. Kudos to Carbonite for being so responsive.

… I still want to know what the deal was April 30th,

4 comments

  1. Wait a minute, how was Carbonite able to strip the password out of a file? It’s utterly baffling that they would even try, let alone succeed.

    Does it work for many different types of files or just certain types of files?

  2. Oddly it behaved the same. I created a second file (MS Word) and password protected it. It uploaded to Carbonite. I then logged into Carbonite via the iPhone App, and opened the file without a password challenge. I used a different password, just in case it was somehow cached.

    The plot thickens……

  3. Is there a difference between password protecting “access” to a file and password “encrypting” a file? Perhaps the access protection is only effective within the Apple ecosystem. Is there an option somewhere to toggle between access and encrypt?!

  4. When I log in to Carbonite’s site from a Lenovo laptop running Windows 7 (64 bit, 4GB RAM), the document downloads as expected and opens in MS Word, minus the password challenge. Still broken.

    This does need further research, as it’s essentially a huge fail.

    I’d love to see if anyone using Carbonite associated to a PC experiences the same behaviour.