Resetting an Apple ID password can be annoying, though it’s made much easier if you have access to a device that you are already signed into. Without another device though, the process of resetting an Apple ID account login can be frustrating, but a Recovery Key makes this situation easier.
Apple ID Recovery Key serves as an additional way of authenticating your Apple account, and it can be used if you forget your password and lose access to another trusted device. Using a recovery key eliminates the need to visit Apple’s website to jump through hoops like verifying payment method details and answering security questions for a password reset. The ability to generate a recovery key from the Mac requires macOS Big Sur or macOS Monterey.
If you have a Mac, it’s pretty easy to generate and use a recovery key.
• Open “System Preferences” on the Mac (from Apple menu or Dock).
• This will open a new window on your Mac. Click on the Apple ID option located at the top-right corner.
• Now, click on “Password & Security” from the left pane. In this section, you’ll find the Recovery Key option below Trusted phone numbers. Click on “Turn on” next to the Recovery key option to continue.
• When you’re prompted to confirm your action, click on “Use recovery key” to proceed.
• Next, you’ll be asked to enter your Mac user password. Type in the password and click “OK”.
• If you have an iPhone, you’ll also be prompted the enter the passcode you use to unlock your iPhone.
• Now, your unique recovery key will be shown to you on the screen. Make sure to write it down in a safe place that you’re able to easily access. Once you’re done, click on “Continue”.
• Next, you’ll be asked to enter your 28-character recovery key to verify that you’ve noted it down. Click on “Done” after typing it in.
• The feature is now turned on. If you want to change the recovery key for any reason, you can click on “Create new key”. You also have the option to turn this feature off at any time.
From now on, you’ll have just two ways to reset the password for your Apple account. You can either reset the password from a device that you’re already logged into, whether it’s your Mac, iPhone, or iPad, or you can use the recovery key instead. The latter could prove to be invaluable if you don’t have access to another trusted device, or if you only have one Apple device.
Note that when you disable and re-enable the Recovery Key feature, a completely new key will be generated for your account. If you lost your current recovery key somehow, you can replace the key with a new one on your Mac from the same menu using the “Create new key” option.
Your Mac is pretty safe on your private home network, but what about when you're surfing the Web in coffee shops? Anyone with a computer and rudimentary hacking skills could target you, which is why it's important to make sure your Mac's built-in firewall is enabled and that stealth mode is turned on.
macOS's firewall feature blocks unwanted network traffic coming into your computer, and stealth mode makes your Mac essentially invisible to hackers snooping for computers to target. They aren't foolproof features, but they will keep most people from finding and attacking your Mac on public networks.
First, you need to make sure your Mac's firewall is enabled:
• Go to Apple menu > System Preferences.
• Choose Security & Privacy.
• Select the Firewall tab.
• If the firewall is active you’ll see a green dot and "Firewall: On." If not, click Turn Firewall On. You may have to click the padlock icon and authenticate with your Mac's password to change the setting.
Next, enable stealth mode:
• Click Firewall Options. It's below the button for turning the firewall on and off.
• Check Enable stealth mode.
• Click OK.
"Automatically allow built-in software to receive incoming connections" and "Automatically allow downloaded signed software to receive incoming connections" should already be checked. Those settings let the apps you already have communicate through the firewall without you having to take any extra steps. Leave those checked unless you know what you're doing and plan to manage app network access manually. You should leave "Block all incoming connections" unchecked too, unless all you're doing is surfing the Web.
If you’ve been using FileVault from the time you set up your Mac, that encryption is extremely strong, and erasing the drive deletes the passphrase-protected encryption key. That makes the contents effectively irretrievable, and no additional erasure is needed for an SSD or HDD. If you didn’t use FileVault, here are your options.
Unless you’re dealing with secrets that would lead to the overthrow of governments, using Disk Utility’s secure erase feature meets the mark. HDDs can also be physically destroyed with a drill equipped with a bit suitable for puncturing the metal casing. A hammer and chisel could work, too. If you have a dead HDD and if you think anyone with motivation might pay to have the data recovered, physical destruction is the only way to ensure data isn’t readable.
Data is written in an unpredictable fashion on SSDs to distribute the wear across all the memory cells in the solid-state device. As a result, a secure erase feature doesn’t work at all, as it may not overwrite all the data. Physical destruction is really the only course of action, which is an unfortunate waste of technology. And if you have a Mac in which the SSD isn’t removable, but part of the computer, that’s even worse.
Fortunately, the various kinds of RAMs used by generations of Macs are all volatile memory: the contents disappear instantly or shortly after a device is powered down. So far, there’s no way to recover any traces of data from RAM chips.
Apple has today launched its new Data and Privacy website, allowing Apple users to download everything that Apple personally associates with your account, from Apple ID info, App Store activity, AppleCare history to data stored in iCloud like photos and documents. This is currently only available in European Union, Iceland, Liechtenstein, Norway, and Switzerland to comply with GDPR, but will roll out worldwide in the coming months.
The new online tools allow customers to get a copy of all data associated with an Apple ID. You can request account details and sign-in records and data such as contacts, calendars, notes, bookmarks, reminders, photos and documents. Apple also stores info like app usage statistics for Apple Music and Game Center, a purchase history of items bought from the App Store and iTunes Store, AppleCare support history and marketing records.
Only data that is personally identifiable can be found here. This can all be downloaded with a few simple clicks on the privacy portal. To obtain a copy of your data:
1. Log in to privacy.apple.com.
2. Select the "Get started" link under the "Get a copy of your data" heading.
3. Tick the boxes of the categories of data you want to download (iCloud Photos, Mail and Drive are separated into a separate list as this data may be exceptionally large).
4. Press Continue.
5. Select what is your preferred maximum file size (Apple will split up the data into chunks, up to a maximum of 25 GB) and press Continue.
Your data request is now in progress. Data like iCloud Photos will take a long time to generate as there are potentially tens of gigabytes of files. It can take up to a week to prepare the downloads. Apple notifies you when the data is ready to download, and it is automatically deleted after 2 weeks.
Apple says it provides all data in standards-compatible formats. This means it can be used as a way to move all your data to a new cloud service, as well as transparently showing customers what data Apple keeps on you.
Whilst these features will roll out later in the year for other regions, all customers can request data corrections, deactivate or delete their account. You can do this by following the links on the main page.
Deactivation means that Apple will stop processing any data relating to your Apple ID. You will not be able to access any store purchases from iTunes, iBooks or the App Store. You will not be able to access any iCloud data, or use iCloud services like FaceTime or iMessage (see here for more conditions about account deactivation). You are literally cutting yourself off from the Apple connected world. Apple will verify all deactivation requests to prevent abuse. Apple doesn’t delete your info, it just stops anyone - including Apple - from accessing it whilst the account is deactivated. You can re-enable the account by logging back in to the privacy portal and choosing to reactivate it.
Permanent deletion takes this one step further, essentially asking Apple to remove all data they have stored on you - forever. This process is not reversible once initiated.
Mac users in higher security risk situations may wish to enable an optional firmware password on their machines, which offers an advanced level of protection. In short, a firmware password is a lower level layer of security that is set on the actual Mac logic board firmware, rather than at the software layer like FileVault encryption or the standard login password.
The result of setting an firmware password is that a Mac can not be booted from an external boot volume, single user mode, or target disk mode, and it also prevents resetting of PRAM and the ability to boot into safe mode, without logging in through the firmware password first. This effectively prevents a wide variety of methods that could potentially be used to compromise a Mac, and offers exceptional security for users who require such protection.
Like any other essential password, use something memorable but complex, and do not forget a firmware password after it has been set. A lost firmware password is unrecoverable on most modern Macs without a visit to an Apple Store for service and recovery.
Setting a firmware password is rather simple.
• Start up from macOS recovery mode by holding down Command (⌘)-R immediately after turning on your Mac. Release the keys when you see the Apple logo.
• When the utilities window appears, choose Utilities > Firmware Password Utility from the menu bar. On iMac Pro, choose Startup Security Utility instead.
• Click Turn On Firmware Password.
• Enter a firmware password in the fields provided, then click Set Password.
• Quit the utility, then choose Apple () menu > Restart.
The firmware password will not appear during a regular restart or boot of the Mac, it only becomes mandatory when the Mac is attempted to boot from alternate methods. This may be in situations where a Mac is attempted to boot from an macOS installer drive, an external boot volume, recovery mode, single user mode, verbose mode, target disk mode, resetting the PRAM, or any other alternative booting approach that will summon the rather plain looking firmware password window. There are no password hints or additional details provided, only a simple lock logo and a text entry screen. An incorrectly entered firmware password does nothing and offers no indication of login failure except that the Mac won't boot as anticipated.