With two-step verification enabled for your Apple ID, you don’t need to create or remember any security questions because your identity is exclusively verified using your password, verification codes sent to your trusted devices and your Recovery Key.
The added layer of security is a tremendous convenience, but with great power comes great responsibility and I can’t stress enough how crucial it is to ensure you never forget where you stored your Recovery Key. As Owen Williams of The Next Web learned the hard way, they’re calling it “Key” for a good reason.
Losing your Recovery Key puts you at risk of being locked out of your Apple ID if Apple’s temporarily disabled it as a security precaution because someone’s tried to hack it.
Apple cannot grant you access back into your Apple ID. This is by design: the system’s been engineered so that only you can regain access to it. And in order to do that, you absolutely need a Recovery Key.
Here’s what to know about securing your Apple ID with two-step verification.
It boils down to storing your Recovery Key in a safe place because you never know when someone could try entering an incorrect Apple ID password.
That someone could be you.
As Apple’s support document states, you’ll be locked out of your Apple ID temporarily should your password be incorrectly entered too many times.
Two-step verification is easy to use.
Any time you sign in to manage your Apple ID at the My Apple ID website, sign in to iCloud.com or make an iTunes, iBooks or App Store purchase from a new device, you’ll need to verify your identity by entering both your password and a 4-digit verification code.
As Apple notes, “After you turn it on, there’s no way for anyone to access and manage your account other than by using your password, verification codes sent to your trusted devices, or your Recovery Key.”
But what if you or someone else made numerous attempts to log into your Apple ID using an incorrect password? Nothing extraordinary: as a security precaution to protect your data, Apple will temporarily disable your Apple ID and require that you unlock it with your Recovery Key.
What some folks don’t seem to understand is that with two-step verification enabled and your Apple ID temporarily disabled for security reasons, Apple’s password recovery service available through the iForgot website is useless because there’s no way back in without your Recovery Key.
Therefore, not misplacing your Recovery Key is an absolute priority, a lesson Williams has learned the hard way.
“I had no idea where my Recovery Key was or if I’d ever even put the piece of paper in a safe place,” Williams wrote. “I’ve moved since I set up two-step verification.”
Williams went on to call AppleCare, to no avail.
“We take your security very seriously at Apple,” a customer support representative told him, “but at this time we cannot grant you access back into your Apple account. We recommend you create a new Apple ID.”
Indeed, as Apple’s FAQ states in plain language, “Apple Support can help you with other aspects of your service, but they aren’t able to update or recover” your Apple ID credentials.
There are no two ways around it. “Only you can reset your password, manage your trusted devices, or create a new Recovery Key,” the doc reads.
Noting he was on the verge of “losing my digital life,” Williams eventually recovered his Recovery Key from a Time Machine backup and used it to regain access to his Apple ID.
I’m aware this isn’t exactly breaking news and that Williams’s post only highlights that Apple’s systems actually work as designed. That being said, I thought it would be helpful to clear up any confusion stemming from enabling two-step verification and then losing your Recovery Key.
Our step-by-step instructions on enabling two-step verification should get you up to speed quickly. In order to receive verification codes on any iOS device, Find My iPhone must be turned on.
Lost your Recovery Key?
Not to worry, just visit My Apple ID, choose “Manage your Apple ID” and sign in with your password and trusted device. Then hit “Password and Security” and click “Replace Lost Key” under the Recovery Key section. Keep in mind that creating a new Recovery Key renders the old one obsolete.
By the way, should you forget your Apple ID password you can always reset it at My Apple ID using your Recovery Key and one of your trusted devices.
Let Williams’s example be a constant reminder to everyone using two-step verification: your Recovery Key should absolutely be stored in a safe place. Losing it puts you at risk of being locked out of your Apple ID if you or someone else entered your password incorrectly one too many times.
And don’t you ever store your Recovery Key on an iOS device.
Say I steal your iPhone and retrieve the Recovery Key you foolishly stored in 1Password or whatnot. Now I have the keys to your kingdom and can access all the apps and media you’d purchased on iTunes, use your iMessage and FaceTime, access your iCloud files and data — everything!
For the same reason, avoid adding any email account associated with your Apple ID to your device to prevent a thief from resetting your password. Another tip worth remembering: don’t associate your Apple ID with throwaway email addresses.
I myself use two-factor verification with an associated email created just for Apple ID. I will never add that email to iOS or Yosemite nor will I access it through email clients or any app for that matter outside a desktop browser in a private browsing mode.
Again, you and only you — not Apple — are entirely responsible for remembering your password, keeping your trusted devices physically secure and keeping your Recovery Key in a safe place.
“If you lose access to two of these three items at the same time, you could be locked out of your Apple ID permanently,” Apple underscores. If that’s not a wake-up call to anyone who forgot where they stowed their Recovery Key, I don’t know what is.
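The recovery rules described above can be written down as a small model. This is an added illustration, not Apple's code: the names are made up for the example, and the rule that password plus Recovery Key lets you enrol a new trusted device is an assumption inferred from Apple's "two of these three" statement. It shows why a disabled Apple ID with a lost Recovery Key is a dead end even when you still have your password and a trusted device:

```python
PASSWORD, DEVICE, KEY = "password", "trusted device", "Recovery Key"

def recover(held, disabled=False):
    """Apply every recovery step until nothing changes.

    held     -- the items you still have
    disabled -- True if Apple has temporarily disabled the Apple ID
    Returns (items held afterwards, whether the account is still disabled).
    """
    held = set(held)
    while True:
        before = (frozenset(held), disabled)
        # A disabled Apple ID can only be unlocked with the Recovery Key.
        if disabled and KEY in held:
            disabled = False
        if not disabled:
            # Recovery Key + trusted device: reset a forgotten password.
            if {KEY, DEVICE} <= held:
                held.add(PASSWORD)
            # Password + trusted device: "Replace Lost Key" at My Apple ID.
            if {PASSWORD, DEVICE} <= held:
                held.add(KEY)
            # ASSUMPTION (not spelled out in the article): password +
            # Recovery Key lets you enrol a new trusted device.
            if {PASSWORD, KEY} <= held:
                held.add(DEVICE)
        if (frozenset(held), disabled) == before:
            return frozenset(held), disabled

def locked_out(held, disabled=False):
    """True if no sequence of recovery steps gets you fully back in."""
    final, still_disabled = recover(held, disabled)
    return still_disabled or final != {PASSWORD, DEVICE, KEY}

if __name__ == "__main__":
    cases = [
        ({PASSWORD, DEVICE}, False),  # lost key, account healthy
        ({PASSWORD, DEVICE}, True),   # lost key, account disabled
        ({KEY, DEVICE}, True),        # forgot password, account disabled
        ({KEY}, False),               # lost two of the three items
    ]
    for held, disabled in cases:
        state = "disabled" if disabled else "active"
        verdict = "LOCKED OUT" if locked_out(held, disabled) else "recoverable"
        print(f"{sorted(held)} / {state}: {verdict}")
```

The second case is the situation Williams was in before he found his key in a Time Machine backup: the "Replace Lost Key" option needs a working sign-in, which a disabled account does not allow.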
At the time of this writing, two-step verification was available in the following 59 countries: Argentina, Australia, Austria, Belgium, Bolivia, Brazil, Canada, Chile, China, Colombia, Costa Rica, Denmark, Dominican Republic, Ecuador, El Salvador, Finland, France, Germany, Greece, Guatemala, Honduras, Hong Kong, India, Indonesia, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Macao, Malaysia, Mexico, Netherlands, New Zealand, Nicaragua, Norway, Panama, Paraguay, Peru, Philippines, Poland, Puerto Rico, Portugal, Russia, Singapore, South Africa, Spain, Suriname, Sweden, Switzerland, Taiwan, Thailand, Turkey, United Arab Emirates, United Kingdom, United States, Venezuela and Vietnam.
When the feature goes live in your country, it’ll automatically appear in the Password and Security section of your account when you sign in to My Apple ID.