Lost Second Factor: How to Regain Access to Your iOS or Android Phone

In recent years, a password alone is no longer enough to protect important accounts from unauthorized access. Most major companies (Google, Apple, Amazon, Microsoft, Dropbox, Facebook, and many others) have introduced two-factor authentication (2FA) as an optional, and later strongly recommended, security measure. As long as you have your second factor, everything works fine. But what happens if you remember your password but lose access to your second factor? Let’s explore what happens to your Apple and Google accounts if you lose your second authentication factor.

How Can You Lose Your Second Factor?

It’s easier than you think: while traveling (especially abroad), your phone might get stolen, forgotten, or lost. If your trusted SIM card was in that phone, you can block the stolen device remotely, but you won’t be able to log in to your account to activate a replacement phone—especially since you can’t restore your “home” SIM card while abroad.

With Apple, things get even trickier. Besides trusted phone numbers, only Apple devices can serve as a second authentication factor—there are no backup codes or authenticator apps. So, if you plan to sell or trade your only Apple device (or your child’s), make sure your account has an up-to-date phone number. Otherwise, you won’t be able to log in to your account on a new device.

It gets even more complicated if a child under 13 loses access to their second factor, especially if their device is managed through Family Sharing and Screen Time. Even as a parent with active parental controls, you might find yourself unable to resolve the issue if the child loses or breaks their second factor. In some cases, there may be no solution at all.

Apple and Two-Factor Authentication

Apple requires 2FA not just for security, but also for:

• iCloud Keychain password sync
• Quick password reset or change for Apple ID
• iCloud message sync (SMS and iMessage)
• Health app data sync
• Remote Screen Time management

In many cases, the second factor becomes more important than the password itself. With the second factor, resetting a forgotten password is easy. But replacing a lost second factor, even if you know your password, is nearly impossible. Here’s what you can do with just a login and password versus just the second factor:

• Apple Account Login: Login and password alone: No (except for Find My iPhone). Second factor alone: Yes, you can reset the password and access services.
• Factory Reset and Disable Find My iPhone: Login and password: Yes. Second factor: Yes, just reset the password and disable iCloud.
• Set Up New Device and Restore from Backup: Login and password: No, second factor required. Second factor: Yes, reset password and proceed.

If You Forget Your Password

If you have your second factor, you can reset or change your Apple ID password easily, even without knowing the original password. For example:

• On your iPhone or iPad (iOS 10+): Go to Settings > [your name] > Password & Security > Change Password and follow the instructions.
• On iOS 10.2 or earlier: Go to iCloud > [your name] > Password & Security > Change Password.

You can also reset your password at iforgot.apple.com, which will send instructions to all trusted devices.

If you don’t have a trusted device, you can still reset your password as long as you have access to a trusted phone number.

If Your Password Is Stolen

If someone steals your password, your data is relatively safe. The only Apple service they can access is Find My iPhone. They can track, lock, or erase your devices, but not access your data. You can always restore your devices from a backup.

What Counts as a Second Authentication Factor?

• Your iPhone, iPad, iPod Touch, or Mac using your Apple ID
• A trusted phone number

Only Apple devices can be trusted devices. You can’t use a standard Authenticator app (like Google Authenticator) with Apple accounts. Most other companies (Amazon, Dropbox, Facebook, Google, Microsoft, Xiaomi, etc.) support TOTP codes generated by standard authenticator apps, but not Apple.

If You Lose Both Your Apple Device and Trusted Number

If you know your password but lose all second factors, Apple will require a lengthy (up to two weeks) account recovery process, and there’s no guarantee you’ll regain access. If someone steals your second factor, they could potentially get a new SIM card with your trusted number and take over your account.

If a hacker gets your second factor, they can:

• Change your Apple ID password
• Unlink your device from iCloud and reset it
• Access your iCloud photos, synced data (contacts, calendars, notes, reminders, call history, Safari data), Health app data, iCloud Drive files, Books, and more
• Access your iCloud email

Some data (iCloud Keychain, Health data from iOS 12+, synced messages) is encrypted and only accessible with a device passcode or Mac system password. Without this, even a hacker can’t access it.

How to Restore Access to Apple ID

Most people lose both their device and trusted number while traveling. Apple does not allow you to restore access by showing ID at an Apple Store. You must first restore your trusted SIM card (usually by returning to your home country) and receive a verification code. If you need access immediately, Apple only offers an automated account recovery process, which can take days or longer and is not guaranteed to succeed.

Key takeaway: In Apple’s ecosystem, the second authentication factor becomes the primary means of authorization, and the password is secondary.

Two-Factor Authentication, Child Accounts, and Screen Time

Family Sharing allows up to six people to share App Store purchases and content. Apple recommends unique Apple IDs for each family member, including children. Screen Time lets parents monitor and restrict device usage, but requires 2FA on both parent and child accounts. Even for children under 13, you can’t simply remove their account from Family Sharing. If a child loses their second factor (e.g., a SIM card is no longer used), you may lose access to their account and be unable to remove it from Family Sharing.

Apple support may suggest creating a new Apple ID to transfer the child’s account, but overall, the second factor plays an outsized role in Apple’s ecosystem.

Think Different: Two-Factor Authentication in Google

Google uses 2FA strictly as an extra security measure. All features are available with or without 2FA. Google is flexible about what can serve as a second factor:

• Your Android phone or tablet (with your account added and unlocked)
• Trusted phone numbers (not required, unlike Apple)
• Authenticator apps (TOTP standard, works offline, compatible across platforms)
• Backup codes (printable and storable)
• Hardware keys (FIDO U2F or built-in)
• Trusted browsers (like Chrome)

If you lose your second factor, Google provides a detailed guide: Problems with 2-Step Verification. Usually, you can use another available factor or log in from a previously authorized browser to disable 2FA or generate new backup codes. If you have no backup options, you can try the automated account recovery process, but success is not guaranteed—especially if you’re abroad. Your chances are better from your home IP address.

Two-Factor Authentication, Child Accounts, and Family Link

Google also recommends separate accounts for children, including those under 13. You can add a child to your family group, allowing them to use purchased apps (with some restrictions). If a child uses an Android device, you can manage their account with Google Family Link (also available on iOS). Family Link is similar to Apple’s Screen Time but with fewer restrictions. For example, you can freely add or remove a child’s account regardless of age.

To set up a child’s device, you need both the child’s and a parent’s account passwords—this serves as the second factor. If a child forgets their password, a parent can easily reset it via Family Link. If the child loses their device, you can set up a new one using the child’s account password and your own Google account password. There’s no risk of losing access to the account.

When a child turns 13, they can opt out of Family Link and set up their own 2FA methods.

Conclusion

Both Apple and Google offer ways to recover account access. With 2FA enabled, recovery methods differ depending on whether you’ve forgotten your password (but have the second factor) or know your password but lack the second factor.

In Apple’s ecosystem, so many services depend on the second factor that it’s far more valuable than the password. As a result, recovering access without the second factor is much harder and slower than recovering from a forgotten password.

For Google, both factors are roughly equal, but recovery methods differ. For example, if you’re logged into your Google account in Chrome, anyone using that browser can change or disable 2FA or generate backup codes, but cannot change the password without the old one or going through account recovery.

With Apple, you can change your Apple ID password without the old one, as long as you have a trusted device or phone number. Disabling 2FA is rarely possible and the process is lengthy. You can add another trusted phone number without a password, as long as you have access to an existing second factor.