PSA: Make sure you have a recovery key for your Apple ID – you’ll need it if you get hacked
If, like me, you skipped over the recovery key step when switching on two-factor authentication for your Apple ID, thinking that having the password plus a trusted device was sufficient, you’ll want to correct that.
TheNextWeb’s Owen Williams recently found that if someone tries to hack your account and you get locked out, there’s no way back in without a recovery key.
While Apple states on its website that a new recovery key can be generated so long as you know your password and have access to one of your trusted devices, this is not true once the account is locked. No recovery key, no access. No amount of pleading by Williams would persuade Apple to help. Apple increased its security measures following the phishing attack on iCloud.
In Owen’s case, he did have a key; he just couldn’t find it. It was only by digging it out of a Time Machine backup that he was able to regain access to his account.
So, if you don’t yet have a recovery key, or can’t lay your hands on one, here’s what you need to do:
1. Go to My Apple ID
2. Select Manage your Apple ID and sign in with your password and trusted device
3. Select Password and Security
4. Under Recovery Key, select Replace Lost Key