Yup.
The reason this is quite more concerning than it normally would be is because of a change Apple made several years back to stop folks going to the Genius Bar because they got themselves locked out of their Apple ID. Which was a lot, and I don’t recall Apple’s security ever being so nefarious I’d think it was that easy to get locked out of.