If You Lose Your Apple ID Recovery Key, Your Account is Gone Forever

Do you know where your two-factor Recovery Key is? For those unaware, when you turn on the two-factor authentication, you receive a Recovery Key, which is the ultimate tool to access your digital life (aka Apple ID) in case you forget your password or your account is the target of a hacking attack.

Recovery key apple id

Why is this so important? The Next Web’s Owen Williams has a horror story: he got locked out of his Apple account because the above scenario happened to him. Someone tried to hack his account, and the two-factor authentication did its job: it protected his account, but it also disabled his Apple account for security reasons.

The only solution to recover his digital life — seven years of purchase history and all of the important info connected to that Apple ID — was to enter the Recovery Key he received when enabling the two-factor authentication.

Well, that’s no problem, you may say, let’s enter the key — if you have it at hand, of course. Because if you don’t, you are screwed. Apple’s latest security measures lock you out of your own account, because after several failed attempts you cannot use your trusted device anymore. Just the key. This is something Apple doesn’t tell you, so you better be cautious with that security key.

When I headed to the account recovery service, dubbed iForgot, I discovered that there was no way back in without my recovery key. That’s when it hit me; I had no idea where my recovery key was or if I’d ever even put the piece of paper in a safe place. I’ve moved since I set up two-factor on iCloud.

You can forget about calling Apple or using your Apple connections to access your account. If you have lost that code, the only advice you get is to create a new Apple ID.

Apple support told me that the security lock doesn’t expire, so there’s no way to get around requiring the key, even though its support site says you can use trusted devices. You’re simply not given that option when your account is locked.

So, once again: do you know where your Recovery Key is?

Technology enthusiast, rocker, biker and writer of iPhoneinCanada.ca. Follow me on Twitter or contact me via email: istvan@iphoneincanada.ca

  • exaro

    What I found interesting about this report is that I too was locked-out of my account this past weekend. I know I would never have mis-typed my password that often so must now assume I was a victim of a hacking attempt.

    I encountered the same problem that my Apple ID, password and trusted device option no longer worked. After a – fortunately brief, in my case – panic I found my Recovery Key neatly printed and stored with other licences. BUT this time I saved copies to multiple cloud storage sites as well [obviously not iCloud – why bother?] as I imagine getting locked-out when thousands of encrypted SecureSafe and matching the key with my Apple ID while having my iPhone in-hand is a risk I am prepared to take.

  • That’s why I think keeping that kind of recovery code on a piece of paper is dangerous. You’re better to keep an electronic copy as well. That’s what I did. I have the 2-step auth activated for every account it’s possible to do so, and each recovery/backup code is on an encrypted text document with a password I can’t forget. And every 6 month, I reset every password as well as the backup code.
    1Password is your best friend!
    Some people would say it’s not safe to keep an electronic copy, even encrypted, but remember that if each service password is unique (using 1Password for exemple to store them), the recovery key itself would be useless for a hacker since he would need that unique password before.

  • mozbius

    But how safe is 1Password really?

  • 1Password does not store your data. You choose to store your password file to either Dropbox or iCloud. It’s as safe as your Master password that you create to unlock your password database.

  • Megan

    It specifically tells you this when you sign up for two factor authentication. Multiple times. On the screen where you get a recovery key it even tells you in bright red to keep it in a safe place.

  • Yep, you’re absolutely correct. The onus is on the user to keep their recovery key in a safe place. The fact it, we never think we would have to use it and just when we do, that’s when people ‘forget’ where it is.

  • Bro

    What about when a user sets up several trusted devices for the account? All of these devices/phone numbers being owned by their family members. Would that work or could you still be locked out of the trusted device method?

  • If your account is locked, like Owen’s was, those trusted devices won’t work for account recovery. You need the recovery key. He didn’t store his safely (despite Apple telling you to during setup) and got freaked out.

  • sukisszoze

    After reading this, I couldn’t find my first recovery key..try to get it regenerated but the sms message from Apple took forever to come to verify me..like 30 minutes..1PW is my best friend.

  • Bro

    Well that’s just useless. The reason I added multiple phone numbers and devices that aren’t my own, was so I wouldn’t need to worry about using a recovery if my own device is lost or locked. Apple needs to change this. Huge fail here.

  • Seems to be a move to strengthen user security from prying government eyes possibly.

  • ward09

    How do they send you the recovery key? E-mail?

  • It’s shown on your computer screen when you setup 2-step security the first time.

  • ward09

    Oh. I’ve never set it up using two-step. This is good to know in case I do.

  • Eddie

    Completely Agree! I got locked out of my ID months ago for “supposedly” mistyping the password incorrectly multiple times. Impossible, since it is the easiest password for me to remember and have had the same one for 7 years. I try the “recovery questions” and nothing. Seems they think I can’t remember the model of car I first bought and “liked most”. Doubtful, since I’ve only had 2 cars in 7 years and the first one is the one I loved. Then there is the attempt to have them send me a “reset e-mail.” It says “email sent.” but who knows where the heck that is going..over..and over..and over, since I’ve had the same e-mail address since 2006. You are right..calling them is useless, since they say they are “locked out as well” and can only go in to verify my account info I can give them the “secret answers.” In other words, they can not do anything I haven’t already done? Let me guess…the 2-factor authentication is something new? Did it start with a new IOS which I can’t even go in to update? Figures…Another useless idea and false sense of “security” from good Ol’ Apple.