Account recovery key vs Apple ID password reset via PIN

Hi,


If I enable the recovery key feature, does it prevent that totally insecure Apple ID reset-with-phone-PIN thing? The recovery key could be printed on paper and sit somewhere in a safe, until needed. So far I did not find any sane solution to disable the PIN feature. The 1h delay with stolen device protection is a poor workaround, not a real fix. I literally don't want my cloud account to be modified by anyone or anything from anywhere in the field.

Posted on Apr 26, 2025 4:10 AM

Question marked as Top-ranking reply

Posted on Apr 26, 2025 8:55 AM

Did you see the information provided here? It completely disables any way for the Apple Account password to be changed unless you have another Trusted Device. A Trusted Device is one that is already signed into your Apple Account, so any other reset without that 28-character key is not possible. If you do not have any other device signed into your account and don't have the 28-character key, you will lose your Apple Account and not be able to access it.


A recovery key is a secret 28-character code that you can use, along with a trusted phone number and an Apple device, to recover your account and data.

  • When you set up a recovery key, you turn off Apple’s standard account recovery process.
  • Instead, access to a trusted device or your recovery key will be required to reset your Apple Account password and sign in to your account if you ever lose access.

This gives you more control of your account recovery methods and can help prevent an attacker from gaining access to and taking control of your account. However, if you lose your recovery key and can’t access one of your trusted devices, you’ll be locked out of your account permanently.

Set up a recovery key for your Apple Account - Apple Support


Apr 27, 2025 12:02 AM in response to DonSphynx

So it indeed looks like there is no way to cover this security hole. Apple forgot that the moment the device leaves my hands, it instantly becomes untrusted and there is of course no way for them to know.

  • recovery key is worthless in this case, because of these trusted devices
  • the screen time lock method is worthless, because it can be reset using the PIN
  • MDM is worthless, because even if you lock accounts and passcode parts, the "forgot password?" dialog always pops up from somewhere (safety check)


I'm completely out of ideas. Dear Apple, what about trusted IP addresses instead of constantly inventing patches to holes made by other patches? Whoever spoofs my IP can keep the stolen device with my blessing. This requires completely different resources and skills than some street grab-and-run exercise.

Apr 26, 2025 7:44 AM in response to DonSphynx

DonSphynx wrote:

Hi,

If I enable the recovery key feature, does it prevent that totally insecure Apple ID reset-with-phone-PIN thing? The recovery key could be printed on paper and sit somewhere in a safe, until needed. So far I did not find any sane solution to disable the PIN feature. The 1h delay with stolen device protection is a poor workaround, not a real fix. I literally don't want my cloud account to be modified by anyone or anything from anywhere in the field.

