iPhone thieves are locking owners out of their devices — what you need to know

An Apple security feature designed to protect customers has inadvertently given iPhone thieves a way to entirely lock them out of their Apple account.

Introduced in 2020, recovery keys are randomly generated 28-character codes that can help users retrieve their Apple ID account when they don’t have enough information to reset their password.

Unfortunately, as the Wall Street Journal points out in a report, they can also be used by savvy phone thieves to eliminate any chance of victims regaining access to their account after the password is changed.

What’s more, while victims of phone theft may be able to recover money stolen through Apple Pay or financial app payments made through their iPhone, retrieving data is harder. A call to the bank may be enough to seal off a compromised credit card but, as the WSJ report shows, retrieving photos, notes, messages and other files from Apple is much more difficult.

One such victim, Greg Frasca, had his iPhone 14 Pro stolen in a bar in Chicago. After using his passcode to change his Apple ID password, the thieves flipped the recovery key to lock him out completely. Mr Frasca’s Apple account contains the only copies of eight years of photos of his young daughters, and the 46-year-old has offered to fly from Florida to Apple HQ in Cupertino to prove his identity in order to restore access to his account.

“We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare,” an Apple spokesman said of the issue. 

“We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this one.”

How to add a recovery key

Apple advises users to safely store copies of their recovery key in more than one place or to pass it on to a trusted family member or friend instead.

If you do want to add one to your account, it can be found as an option in the Password & Security menu under the Apple ID option in your iPhone’s Settings app.

Scroll down and you should see an Account Recovery button. Tap on this to be taken through the setup process for adding a recovery key.

If you want to know more, here's our full guide on how to set up an Apple ID recovery key.

It bears pointing out that Google employs a different method for recovering an account. The company’s password-reset process asks for an email, phone number or password to allow users to regain access later — even if they’ve been changed by an imposter.

Meanwhile, our guide here will tell you what to do when your iPhone is disabled.


Jeff Parsons
UK Editor In Chief
