User profile for user: 8pl
8pl Author
User level: Level 1
27 points

Security Keys, Recovery Keys, Trusted Phone Numbers - security questions

I've just activated Security Keys but still feel not safe due to lack/misleading information from Apple concerning this topic. As an Apple's client a request clear information from Apple to allow me assessing my real security level for "Security Keys" option active. Question below (underlined). In case of lack of feedback from Apple could anybody please provide at least some of the answers or even ideas on the topics?

  1. I generated Recovery Key some time ago. Is it usable in any way after activating Security Keys? Will it work in case I lost all of them or it's just that Apple forgot to inform me that it's not usable anymore and can be thrown away?
  2. I have one Trusted Phone Number active which cannot be removed. Phone number can be stolen (e.g. using fake ID). Settings app informs me that "TPN are used to verify your identity when signing in on a different device". WHAT? Either it is false or I'm not any more safer that I was before activating Security Keys. What's the aim of Trusted Phone Number after activating Security Keys? Is the quoted information true or false? Why it's not possible to remove it (for security reasons)?
  3. Reseting AppleID password should be (my opinion) allowed only by means of using Security Key (resetting password is too easy, e.g. in case phone is stolen and thief knows security code, and there are a lot of discussions about that problem in discussion forums). Is Security Key required to reset AppleID password?


regards, customer

iPhone 8, iOS 16

Posted on Mar 16, 2023 1:38 AM

Reply

Similar questions

1 reply
User profile for user: 8pl
8pl Author
User level: Level 1
27 points

Mar 17, 2023 3:30 AM in response to 8pl

Selfreplying with some findings. I don't know whether they're correct or not, so most of them should start with "It seems..". I know that Apple does not provide too much details not to help hackers stealing data, but at least information already provided in Settings should be clear and helpful to accounts owners.


A?/ All three points in initial post concern 1st step of 2FA: password, whereas Security Key is sort of replacement for 2nd step of 2FA: passcode. Replacing passcodes with Security Keys doesn't change anything with regards to 1st step procedures (e.g. recovery of lost password).

B?/ TPA is replacement for passcode (when no trusted device is available nearby), but isn't (hopefully) replacement for Security Keys. Only Security Key can be used for 2nd step.

C?/ Access to account is lost permanently, if all trusted devices and security key are lost (but Apple claims that "you can lost access", not "you will loose").


Should all of above findings be true let me point some problems:

  1. In iOS settings TPN comment goes like "TPN helps recover your account if you forget your password", but in macOS "TPN is used to verify your identity when signing on a different device". iOS version seems like true but only partial - TPN can be also replacement for passcode (if passcodes are used). MacOS version is definitely misleading and mostly wrong (especially when Security Keys are active). Why not fixing them not to confuse users (+ differentiate descriptions following Secutity Keys on/off status)? Apple, pls?
  2. Account Recovery descriptions are even more confusing:
    • description of "Account Revovery" in "Password&Security" tells about "recovering data" only (no recovering access to account mentioned),
    • description of "Account Recovery" inside "Manage..." popup mentions recovering access to account and data (these are two different things, aren't they?) but also mentions using recovery contact/key as a tool to recover access to e2e data in case passcodes are lost (does it work as a replacement for Security Key as well, then?).
    • description of "Recovery Key" mentions only recovering data (no mention of account or passcodes).

Information provided in each place is different. It's really confusing.



Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Security Keys, Recovery Keys, Trusted Phone Numbers - security questions

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up