by m_a_g 818 days ago
> When you set up a recovery key, you turn off Apple's standard account recovery process.

> However, if you lose your recovery key and can’t access one of your trusted devices, you'll be locked out of your account permanently.

I considered it before, but I think it's just too much risk, as I rely heavily on iCloud. On the other hand, I don't see the risk with the current method if you're smart enough not to fall for things like MFA bombing tactics.

1 comment

The security researcher in the article was concerned about accidentally confirming the prompt on his watch.

I don't think it's a matter of being "smart enough". Human error can easily creep in when dismissing tens or hundreds of prompts.

The prompt UX should step into a special "bombed" mode when a frequency threshold is crossed, at which point accepting a prompt has fat-finger protection such as double confirmation steps, and declining all (or perhaps all that share a commonality, like same initiating IP address) becomes possible.
Or, you know, not allow this kind of brute forcing at all?
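The "bombed" mode proposed in the comment above, sketched as an added example. This is illustrative code written for this page, not the original poster's code and not Apple's implementation; the threshold (5 prompts), window (600 s), the prompt fields and the IP addresses are all assumptions. A sliding window counts sign-in prompts per account; once the rate crosses the threshold, every approval needs a second confirmation (fat-finger protection) and pending prompts can be declined in bulk by initiating IP.

```python
"""Sign-in prompt flood guard: an added illustration of the 'bombed mode' idea.

Not Apple's or the commenter's code. Threshold, window and sample data are
constructed for the example.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Prompt:
    prompt_id: int
    source_ip: str   # IP that initiated the sign-in attempt
    ts: float        # arrival time in seconds


class PromptGuard:
    """Tracks prompts for one account and switches to 'bombed' mode under a flood."""

    def __init__(self, threshold=5, window_s=600):
        self.threshold = threshold          # prompts within the window that trip bombed mode
        self.window_s = window_s
        self.recent = deque()               # arrival timestamps inside the sliding window
        self.pending = {}                   # prompt_id -> Prompt still awaiting a decision
        self.awaiting_second_confirm = set()
        self.bombed = False                 # latched once tripped; cleared via reset()

    def _prune(self, now):
        while self.recent and now - self.recent[0] > self.window_s:
            self.recent.popleft()

    def receive(self, prompt):
        """Record an incoming prompt; returns True if the account is now in bombed mode."""
        self._prune(prompt.ts)
        self.recent.append(prompt.ts)
        self.pending[prompt.prompt_id] = prompt
        if len(self.recent) >= self.threshold:
            self.bombed = True
        return self.bombed

    def approve(self, prompt_id):
        """Returns 'approved', 'confirm_again' (bombed mode, first tap) or 'unknown'."""
        if prompt_id not in self.pending:
            return "unknown"
        if self.bombed and prompt_id not in self.awaiting_second_confirm:
            # First tap under a flood only arms the prompt; a second tap is required.
            self.awaiting_second_confirm.add(prompt_id)
            return "confirm_again"
        self.awaiting_second_confirm.discard(prompt_id)
        del self.pending[prompt_id]
        return "approved"

    def decline_all_from(self, source_ip):
        """Bulk-decline pending prompts sharing an initiating IP; only offered in bombed mode."""
        if not self.bombed:
            return 0
        ids = [pid for pid, p in self.pending.items() if p.source_ip == source_ip]
        for pid in ids:
            del self.pending[pid]
            self.awaiting_second_confirm.discard(pid)
        return len(ids)

    def reset(self):
        """Operator clears bombed mode after the flood has been dealt with."""
        self.bombed = False
        self.recent.clear()


def simulate_bombing():
    """Constructed scenario: 8 attacker prompts in 70 s plus one the user really started."""
    guard = PromptGuard(threshold=5, window_s=600)
    attacker_ip = "203.0.113.7"       # constructed, documentation range
    for i in range(8):
        guard.receive(Prompt(prompt_id=i, source_ip=attacker_ip, ts=1000.0 + 10 * i))
    guard.receive(Prompt(prompt_id=99, source_ip="198.51.100.20", ts=1085.0))

    first = guard.approve(3)                       # fat-fingered tap on an attacker prompt
    declined = guard.decline_all_from(attacker_ip)  # sweep the whole flood at once
    second = guard.approve(3)                      # already gone, so nothing to approve
    own = (guard.approve(99), guard.approve(99))   # the real one still needs two taps
    return {"bombed": guard.bombed, "first": first, "declined": declined,
            "second": second, "own": own, "pending": len(guard.pending)}


if __name__ == "__main__":
    print(simulate_bombing())
```

Below the threshold the guard behaves like today's single-tap flow, so the extra friction only appears when the account is actually being flooded; the latch means a slow trickle that drops under the rate again does not silently disarm the protection.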