macOS Screen Time can be bypassed if you know the device passcode
I just discovered something that seems like a serious design flaw in macOS Screen Time.
If “Require Password” is enabled for Media & Purchases and you try to download an app from the App Store, macOS asks for the Apple ID password. If you select “Forgot password”, you can reset the Apple ID password using only the local Mac device passcode.
That means anyone who knows the Mac’s passcode can:
- Reset the Apple ID password
- Gain full control of the Apple ID
- Disable or reset all Screen Time restrictions
Since using the Mac already requires knowing the device passcode, this effectively makes Screen Time unenforceable on macOS. The local device PIN implicitly grants Apple ID and Screen Time control.
This is especially problematic for parental controls or self-control use cases. Screen Time was the main reason I switched from Android to Apple, and discovering this makes it feel largely ineffective on Macs.
Is this expected behavior? Has anyone else noticed this, or found a way to properly lock Screen Time down?
Same goes for iPhone with Face ID, btw.
MacBook Air