Apple introduced a new form of recovery key in September 2020 at the release of iOS 15 and iPadOS 15 to offer an option that lets you recover access to an Apple ID account with two-factor authentication when the password stops working (or you forget it) or your account is locked. Apple’s documentation didn’t initially reflect all the changes required to explain how to use this recovery key.
(This recovery key is not related to the FileVault Recovery Key. It’s an updated version of a feature once used with two-step verification, which was replaced with two-factor authentication.)
I contacted the company, waited, and never got enough information to recommend the feature—it was unclear how it worked. Our last advice to readers was to avoid enabling it. But somewhere in the previous several months, Apple quietly updated a few support pages and made it far clearer how Apple’s human-oriented account recovery differs from using a recovery key:
Apple’s general account recovery works like this:
It takes some period of time between initiating and when Apple may allow you to reset your account password and regain access. That’s to avoid identity theft.
You may receive a verification code that you provide to Apple, which may reduce the duration of the wait.
You may be asked to enter credit-card information associated with the account, which Apple validates through “authorization” (essentially a pre-charge, not an actual charge), which may also reduce the wait.
After the period of time passes, Apple sends you an email or uses an automated voice call to provides details to regain access.
However, this process can fail. Someone at Apple reviews at least some of these stages and may decide you haven’t proved you are who you say you are at all. In that case, your account is locked forever, along with losing any purchases, subscriptions, or other information only available when you have access to the account. That could include photos and images if you only have full-resolution versions synced at iCloud.com.
If you enable the Recovery Key feature, however, the balance changes:
No one who lacks the recovery key can attempt to reset your account’s password and gain access. Such a person would need access to your account password and an unlocked trusted device—and potentially the device’s password.
You can unlock your Apple ID account if Apple has locked it for some security reason just by possessing the recovery key. Previously, you had to go through a process with Apple, which might have resulted in them keeping the account locked permanently.
However, if you lose your recovery key, there is no backup option: Apple can no longer help you regain account access.
If those advantages seem worthwhile, here’s how to proceed. In iOS 14/iPadOS 14 or later, go to Settings > Account Name > Password & Security and tap Recovery Key. In macOS Big Sur or later, open System Preferences > Apple ID and click Password & Security. Next:
Turn on the recovery key. In iOS/iPadOS, tap the Recovery Key switch. In macOS, click Turn On next to the Recovery Key label.
When prompted, confirm that you want to create a recovery key. You’ll have to enter the password of the device you’re using or the macOS account you’re logged in to.
The 28-character recovery key is displayed, divided by hyphens into seven groups of four, but it can’t be selected and copied. Instead, you have to write it down or type it into a password-management app. While it’s not terribly secure, I suggest you make a screen capture to ease entering the key and then immediately delete it. (With Live Text in iOS 15/iPadOS 15 and macOS 12, you can then just copy the key out of the screen capture.)
When prompted, enter that long recovery key to validate you have it recorded correctly. If you entered it elsewhere to keep a permanent record, you can copy it from that location and paste it into the dialog.
Click Continue, and the account changes are made.
The recovery key is now active, and Apple sends email to the address connected to your Apple ID account to confirm that.
(An important side note: Make sure that if you lose access to your devices, that you can still pull up the recovery key from somewhere. If unlocking all your devices that you can still retrieve the key.)
When and if you need to recover account access or unlock your Apple ID, Apple doesn’t provide a list of steps of what happens. Instead, the company’s documentation implies that at the end of attempting to recover or unlock, it will provide additional instructions.
What you need at that point, Apple notes, is the recovery key and a trusted phone number as well as access to any iPhone or iPad running iOS 11 or later or any Mac running macOS 10.13 High Sierra or later. I haven’t seen this process in access, but apparently, you will need to receive a text message or automated call and enter the recovery key in the appropriately provided location. At that point, you can reset your password and regain access.
The recovery key can only be used once for this purpose, at which time you can regenerate it in the locations described above in iOS/iPadOS and macOS.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to email@example.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.