An Apple ID is a powerful hub for one’s Apple-centric identity. However, what if you use your Apple ID within an organization—an organization that needs access to Apple ID-linked purchases, email, developer resources, and other Cupertino-connected sites and services—and you’re retiring or moving to another place of employment?
Take measures before it’s too late for the handoff. This is especially important when two-factor authentication (2FA) is enabled, because your former group could wind up locked out of an account.
First, Apple lets you change the address associated with an Apple ID under a variety of circumstances. The easiest method is if you’re using an address that’s anything but an Apple-managed one that ends in mac.com, me.com, or icloud.com, as you can change that address to anything—including an Apple-managed one. (I provide the step-by-step instructions in this November 2018 column.)
In an institutional environment, like a college or company, where the Apple ID is an address managed by the organization, I suggest that the folks taking over the account create a new account that’s more generic. One reader is retiring from his college, and the Apple ID for his team’s Apple Developer project is his address, which will retire with him.
Instead of pointing the Apple ID to another individual’s address, the group could create firstname.lastname@example.org and use that. Internally, that address could forward to one or more individual tasked with managing associated Apple services. Then, if Apple changes Apple ID policies about modifying the email address in the future, this change protects against any limitations.
(Another solution may be preserving someone’s old email address and setting up a permanent auto-reply that explains they have left or retired, and only using the incoming email box to check for verification messages or to send email required to verify access for Apple or other services.)
If someone is using a personal mac.com, me.com, or icloud.com address, there’s no way to shift that over to another address. Apple only allows Apple IDs to move among third-party email addresses. With an Apple-managed address, you can only swap among available aliases, shown at appleid.apple.com when you log in and click Edit to the right of the Account section and then click Change Apple ID. For me, since I’ve had an Apple account for so long, I can pick among mac.com, me.com, and icloud.com with the same account prefix; for later Apple service joiners, you may have only two choices or no choices at all.
Second, since two-factor authentication is almost certainly enabled for any Apple ID currently in use because of how Apple has encouraged or required its use, consider also adding additional trusted phone numbers to the Apple ID account. This can help prevent loss of access in case something goes wrong with the primary email address before or after changing it.
A trusted phone number can receive either a text message via SMS or a call with an automated voice that speaks a code. You can add a trusted phone in three ways:
- At appleid.apple.com, click the Edit button to the right of the Security section, and then click Add a Trusted Phone Number. Follow the steps for verification.
- In iOS and iPadOS, go to Settings > account name > Password & Security, tap Edit next to the Trusted Phone Numbers label, tap Add a Trusted Phone Number, and follow the steps.
- In macOS Mojave and earlier, open the iCloud preference pane, click Account Details, click Security, and click the + (plus) sign below the list of Trusted Phone Numbers. Follow the steps to verify a number.
- In macOS Catalina, open the Apple ID preference pane, click Password & Security, click Edit to the right of Trusted Phone Numbers, click the + (plus) sign at the bottom, and follow the steps to add and verify a number.
Now, you have a belt and suspenders in case when the original email account something goes wrong and you need additional connections to the Apple ID if you have to contact Apple for help in recovering access.