Skip to main content

PSA: Make sure you have a recovery key for your Apple ID – you’ll need it if you get hacked

Avatar for Ben Lovejoy  | Dec 9 2014 - 4:23 am PT
4 Comments

If, like me, you skipped over the recovery key step when switching on two-factor authentication for your Apple ID, thinking that having the password plus a trusted device was sufficient, you’ll want to correct that.

TheNextWeb‘s Owen Williams recently found that if someone tries to hack your account, and you get locked out, there’s no way back in without a recovery key.

While Apple states on its website that a new recovery key can be generated so long as you know your password and have access to one of your trusted devices, this is not true once the account is locked. No recovery key, no access. No amount of pleading by Williams would persuade Apple to help. Apple increased its security measures following the phishing attack on iCloud.

In Owen’s case, he did have a key, he just couldn’t find it. It was only by digging it out of a Time Machine backup that he was able to regain access to his account.

So, if you don’t yet have a recovery key, or can’t lay your hands on one, here’s what you need to do:

  • Go to My Apple ID

  • Select Manage your Apple ID and sign in with your password and trusted device

  • Select Password and Security

  • Under Recovery Key, select Replace Lost Key

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

  1. nickjeremiah - 9 years ago

    This information needs to be emailed to customers pronto… With 3 monthly reminders! Very important stuff this is.

    • Randy March - 9 years ago

      Apple discourage storing the key on a device. Everything that can connect to the internet can be hacked, especially your e-mail inbox. Apple recommend that you physically write the key somewhere.

      Also, the recovery key is not known by Apple. To remind you every 3 months, it’d have to reset it every time for you. I already see 2 problems with that approach.

      If I read your comment wrongly and you meant to e-mail you a reminder every 3 months (opt-out) to make sure you still have the key and know where it is, I totally agree.

  2. Randy March - 9 years ago

    Thank you for the PSA! :-)

    I’m going to check my keys now. I’ve also put a reminder repeating every 3 months.

  3. John - 9 years ago

    What are the chances of getting hacked? can they unlock my phone?

Guides

AAPL Company

AAPL Company

Breaking news from Cupertino. We’ll give you t…
iPhone

iPhone

Introduced in 2007 by Steve Jobs, iPhone is Appl…
iCloud Security Apple Inc Apple ID hack

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear

Dell 49-inch curved monitor

Dell 49-inch curved monitor