For many people, one of their biggest digitally related fears is a loss of access to their online lives: photos, videos, contacts, past and future calendar entries, email archives, and much more. While you can take every precaution, sometimes things go awry: you haven’t typed in your password in a while, a password vault becomes corrupted or lost, or you lost or have stolen from your phones or other devices you used to validate a login.
Apple is offering a powerful new tool mediated by privacy for iCloud users. You can pick a trusted person or people for the awkwardly named iCloud Data Recovery Service. If you’re locked out of your account for some reason and can’t regain access, these contacts can receive a validation code and provide it to you, and you can unlock certain synced data.
(An important tip! Even if you don’t want to use this feature, you may have family members who need help—and you might want to talk to them about adding you, or even setting this feature up with their permission for them on their device.)
iCloud has two forms of data it handles: stuff that’s synced across your devices and stored so you can also view it or interact with it at iCloud.com, and more private information that is synced between devices using end-to-end encryption. For that latter kind of data, Apple doesn’t have the details to decrypt it: iCloud acts just as a device conduit—only any iPhone, iPad, or Mac you have logged into the iCloud account can access that data and only on the device itself.
The iCloud Data Recovery Service re-establishes access only to your iCloud.com-accessible synced details. That includes a lot of kinds of things, however: photos and videos, contacts, notes, iCloud Drive files, and device backups. End-to-end encrypted data you can’t recover this way includes iCloud Keychain items, Health data, Messages, Apple Pay and other payment information, and more. Apple provides a list of which iCloud data is encrypted “in transit” or “in transit & on server” (iCloud.com accessible or recoverable) and which is end-to-end encrypted.
Apple suggests—and I concur!—only anointing someone as a Recovery Contact you really trust. This person could obtain access in certain circumstances to your data by gaining access to one of your trusted devices—an iPhone, iPad, or Mac associated with your Apple ID account with two-factor authentication enabled.
An account holder has to be at least 13 years old to enable this form of account recovery. Anyone selected as a recovery contact must have iOS 15 or iPadOS 15 running on an iPhone or iPad to provide recovery service.
Once you’ve thought about who to pick, here’s how to add them:
- Go to Settings > Account Name > Password & Security > Account Recovery.
- Tap Add Recovery Contact.
- Read the disclosures and then tap Add Recovery Contact.
- Apple authenticates you via Touch ID or Face ID, or requires an additional step.
- From the Add Recovery Contact screen, if you’re in a Family Sharing group, you can select any other members; if not, tap Choose Someone Else. Tap Next. Family Sharing group members are automatically added (and informed); otherwise, proceed to step 6.
- To add people, you can start typing to select them from your contacts list. Some names may be suggested, too. Tap Add when done. (You can have a total of up to five Recovery Contacts from your Family Sharing group and contacts.)
- On the Send a Message screen, Apple provides helpfully prewritten text to explain what you’re inviting someone to do. You can tap Edit Message to revise it or tap Send to send them the invitation.
On the Account Recovery screen, you now see a list of contacts with a status below in small type marking whether they’re active or have had a request sent to them. You can tap any contact to choose to remove them, or to resend an invitation if they haven’t yet responded.
In the event you need help from one of your Recovery Contacts, you can follow steps on one of your devices to recover iCloud access. Part of that process with provide you with information to give to contact, and Apple suggests you do this in real-time by phone or in-person (safety permitting). Your contact will receive a recovery code that you can enter on your iPhone or iPad, and then you can reset your Apple ID password.
In this process, you may lose access to some of the end-to-end encrypted data synced via iCloud. However, as long as you can still unlock your devices, that data should remain in place. When you re-enable your Apple ID account, you can also re-enable these services, which may prompt you to merge data across devices.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.