Yes. The Account endpoint/URL is a protected resource that requires a valid signature for reads and writes.
Once an AccountKey is used in the system, it is blacklisted for all other users to create new accounts with. (Someone cannot create a new account with that key.) [See sections 11.1 and 7.3.1]
There are 3 endpoints that involve what you want to do:
- Account Update (section 7.3.1); only really handles contact email address
- Account Key Rollover (section 7.3.2); requires having both account keys. Lets you update the account to use KeyB from KeyA
In the OP's case, the key takeaway is that "losing account keys is unfortunately pretty common, and the common fix is to generate a new account key and just do everything with a new account".
The main thing an account key does for 99.999% of users is simplify the revoke operations (which can also be done with a Certificate+PrivateKey). For .0001% of users, they have RateLimit exceptions tied to their AccountKey. But for the rest of us, AccountKeys can be ephemeral.