PanicStation.org
UK USA
us Technology & digital loss lost passkey device • passkey device stolen • passkey device missing • can’t sign in without passkey • locked out of passwordless login • phone lost can’t login • new phone no passkeys • passkeys not syncing • no access to authentication device • account recovery without device • passkey only login problem • lost iphone passkey access • lost android passkey access • security key lost passkey • credential device gone • passwordless sign-in failure • can’t approve sign-in prompt • worried someone will access accounts • recovery codes misplaced

What to do if…
you lose access to a passwordless login because the passkey device is gone

Short answer

Secure the missing device and your primary account first, then use the service’s official “can’t sign in / account recovery” route from a trusted device or computer.

Do not do these things

  • Don’t follow login links from texts/emails claiming your phone was found or your account needs “urgent verification” — phishing often spikes right after a device goes missing.
  • Don’t wipe the only device that still has you signed in somewhere — that can remove your last working recovery route.
  • Don’t keep attempting recovery after you hit a lockout/rate-limit — stop, note the exact prompts, then continue via official recovery/support.
  • Don’t give anyone a one-time code, backup code, or “security info” screenshot because they say they’re helping.
  • Don’t create a new account with the same email “to get back in” — it can complicate recovery and support checks.

What to do now

  1. Treat the device as compromised if you’re not 100% sure it’s safe.

    • If it might be stolen or in public, act as if someone else could try to use it.

  2. Secure/lock the missing device using official device tools.

    • Apple: use Find My to Mark as Lost / Lost Mode.
    • Android (Google): use Find Hub / Find, secure, or erase to lock the device (erase only if you’re confident it’s permanently gone).
    • Windows device: use Find my device to locate/lock if it was enabled.

  3. Call your mobile carrier (if the missing passkey device is a phone).

    • Ask them to suspend the line / block the SIM (or eSIM) if stolen, and add protections to reduce SIM-swap and account takeover risk.
    • This matters because phone numbers are frequently used in account recovery.

  4. Use any still-signed-in device as your “lifeline.”

    • Check laptops/tablets/desktops you normally use: are you still logged in to the locked service (or your main Apple/Google/Microsoft account)?
    • From that signed-in session, go to Security / Devices / Passkeys and:
      • remove the missing device from trusted devices
      • revoke other sessions
      • add a new passkey on a device you control (if offered)

  5. If you used passkey syncing/backup, restore it the supported way.

    • If your passkeys were stored via something like iCloud Keychain (Apple) or Google Password Manager (Google), they may reappear on a replacement device after you restore your main account and complete verification.
    • If you set an Apple Account recovery key, recovery options can be different and stricter — follow Apple’s support steps for your setup.

  6. Start the service’s official account recovery flow from a clean browser session.

    • Use a private/incognito window on a trusted computer.
    • Type the provider’s official sign-in address yourself, then choose “Can’t sign in?” / “Forgot password?” / “Account recovery.”
    • Write down: the username/email you used, which recovery options appear, and any messages/errors.

  7. If you suspect fraud or account takeover, use official U.S. reporting routes.

    • If identity theft is involved (accounts opened, personal data misused), use IdentityTheft.gov to create a recovery plan and documentation.
    • For cyber-enabled crime (phishing, account compromise, money loss), consider filing a report with the FBI’s IC3.
    • If financial accounts are involved, contact your bank/card issuer using a known-good number from their official app/site.

What can wait

  • You don’t need to decide right now whether to switch ecosystems, replace all security settings, or rebuild every account.
  • You don’t need to recover every login today — focus on accounts that can reset other accounts (email + primary device account + financial accounts).
  • You don’t need to “optimize” your setup while stressed; the immediate goal is safe access and damage control.

Important reassurance

This lockout is a common sharp edge of passwordless logins: losing the passkey device can feel like losing the only key. Most services have recovery routes — and scams target people in this exact moment. Slow down, use official paths, and secure the missing device first.

Scope note

These are first steps only to stabilize and prevent irreversible mistakes. After you regain access, you can make the setup more resilient (extra trusted devices, recovery methods, and safer device settings) when you’re calmer.

Important note

This is general information, not legal advice. Recovery options vary by provider and your settings. If anything suggests compromise, prioritize securing your main accounts and using official reporting/support channels rather than improvised fixes.

Additional Resources
Support us