PanicStation.org
UK USA
uk Technology & digital loss lost passkey device • passkey device stolen • passkey device missing • can’t sign in without passkey • locked out of passwordless login • phone lost can’t login • new phone no passkeys • passkeys not syncing • no access to authentication device • account recovery without device • passkey only login problem • lost iphone passkey access • lost android passkey access • security key lost passkey • credential device gone • passwordless sign-in failure • can’t approve sign-in prompt • worried someone will access accounts • recovery codes misplaced

What to do if…
you lose access to a passwordless login because the passkey device is gone

Short answer

Assume the missing device could be used against you, secure it and your main account first, then use the service’s official recovery path from a trusted device or computer.

Do not do these things

  • Don’t click “we found your phone / confirm your Apple/Google login” links from texts, emails, or social messages — this is a common phishing moment.
  • Don’t factory-reset or wipe your only remaining signed-in device “to start fresh” — you may erase your last working route back in.
  • Don’t push through repeated recovery attempts once you hit a lockout/rate-limit — stop, note exactly what the page asked for, then continue via the official recovery/support route.
  • Don’t create duplicate accounts with the same email “just to get in” — it can complicate recovery and support checks.
  • Don’t share one-time codes, backup/recovery codes, or “security info” screenshots with anyone who contacted you first.

What to do now

  1. Decide whether this is “misplaced” or “possibly stolen.”

    • If it’s misplaced at home/known place, search briefly, then move to securing access anyway.
    • If it’s lost in public / stolen / you’re unsure, treat it as compromised.

  2. Secure the missing device using the platform’s official tools (from a safe device).

    • Apple: use Find My (or iCloud.com/find) to Mark as Lost / Lost Mode as soon as you can.
    • Android (Google): use Find Hub / Find, secure, or erase to lock the device (and only erase if you’re confident it won’t be recovered).
    • Windows device: use Find my device to locate/lock if it was enabled.

  3. Contact your mobile network provider (if the missing passkey device is a phone).

    • Ask them to block the SIM / suspend service if you believe it’s stolen, or add extra protections to stop account takeovers.
    • This matters because phone numbers are often used in account recovery.

  4. Check for a still-signed-in device and use it as your “lifeline.”

    • Look for any laptop/tablet/desktop browser where you’re still logged in to the locked service (or to your main Apple/Google/Microsoft account).
    • From that signed-in session, go to Security / Devices / Passkeys and:
      • remove the missing device from “your devices / trusted devices”
      • revoke other sessions (if offered)
      • add a new passkey on a device you control (if offered)

  5. If you used passkey syncing/backup, restore it the supported way (don’t guess).

    • If your passkeys were stored via something like iCloud Keychain (Apple) or Google Password Manager (Google), they may reappear on a replacement device after you restore your main account and complete the provider’s verification steps.
    • If you set a recovery key for your Apple Account, recovery options can be different and stricter — follow the Apple support flow for your setup.

  6. Start the service’s official “can’t sign in” recovery from a clean browser session.

    • Use a private/incognito window on a trusted computer.
    • Type the provider’s official address yourself, then choose “Can’t sign in?” / “Forgotten details?” / “Account recovery.”
    • Write down: the exact username/email used, which options you were offered, and any on-screen messages.

  7. If you think someone has tried to access accounts, create an official report trail (UK).

    • For England, Wales, or Northern Ireland, use Report Fraud to report cyber crime/fraud attempts.
    • If you live in Scotland, use Police Scotland on 101 for non-emergencies.
    • If a crime is happening now or you’re in immediate danger, call 999.

What can wait

  • You do not need to decide today whether to abandon the account, buy new hardware immediately, or migrate ecosystems.
  • You do not need to audit every account at once — focus on the “keys to everything” first (email + main device account + banking).
  • You do not need to perfect your setup while stressed; aim for “safe access restored” first.

Important reassurance

Getting locked out after losing a passkey device is a known failure mode of passwordless systems. It feels alarming, but most providers have recovery routes — and scammers target people at exactly this moment. Going slowly (secure device → secure main account → official recovery) protects you.

Scope note

These are first steps only to stabilise access and reduce harm. Once you’re back in, you can strengthen resilience (extra trusted devices, recovery contacts/codes, and safer device settings) when you’re calmer.

Important note

This is general information, not legal or professional advice. Recovery steps vary by provider and your settings. If anything looks unusual (unexpected recovery prompts, new devices, or changes you didn’t make), prioritise securing your main accounts and using official reporting/support channels.

Additional Resources
Support us