Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Without your Recovery Key, your Apple ID could be lost forever

Glenn Fleishman | Dec. 12, 2014
Here's a question that could change the rest of your digital life: Where is the Recovery Key for your Apple ID account?

Here's a question that could change the rest of your digital life: Where is the Recovery Key for your Apple ID account?

If you haven't enabled two-step verification on your Apple ID (or on multiple such accounts), you don't have to answer that question, because you don't have such an animal. If you have turned on this extra account protection, that question is vital, but don't panic quite yet if you don't have an answer.

Owen Williams of The Next Web documented the many hours of cold sweats he went through after someone attempted to crack his account, and Apple disabled normal access, as described in this support document. He couldn't find his Recovery Key, and Apple said without it, his account data and access would be lost forever.

And that's true. Apple has designed its two-step recovery system, just like iOS 8's passcode protection and Mac OS X's FileVault encryption, so that if the necessary credentials are lost, the firm cannot recover your data. It's not just being perverse. Apple doesn't retain information in a way that lets it gain access without key pieces of data or devices only you possess. If it has the secrets, then attackers can gain them, too, or it can be compelled to surrender them to government agents. (The one exception: FileVault offers an escrow option for your drive recovery key, but even then you have to provide precise information to Apple to unlock the encryption that's surrounding your key.)

The fact that an attacked account is locked means that a malicious party could even weaponize that behavior into you losing your account access forever if you don't know where you stashed your Recovery Key. Some of us set up two-factor authentication nearly two years ago when Apple first offered it.

It's time to rummage through your records and make sure you have what you need to prevent someone's attempt to poke your account — or you fumble-finger entering the wrong password a few too many times in a row — into a digital-life disaster. If you can't find it, it's past time to reset your Recovery Key and figure out a better way to retain it.

(Owen had a happy ending: Digging through Time Machine backups, he eventually found a picture he'd taken that had the key and was able to get back into his account.)

Recovery Key is your last-ditch effort

Apple built two-step verification around the notion that you'll always have access to at least two of three things: your password, a trusted device, and your Recovery Key. If you lose your password, you enter the Recovery Key and get a message on a trusted iOS device or phone. If you lose all your trusted devices, you can use your password and Recovery Key to add new ones. Lose the Recovery Key, and you can log in and generate a new one.


1  2  3  Next Page 

Sign up for Computerworld eNewsletters.