Yes. The Account endpoint/URL is a protected resource that requires a valid signature for reads and writes.
Once an AccountKey is used in the system, it is blacklisted for all other users to create new accounts with. (Someone can not create a new account with that key). [See sections 11.1 and 7.3.1]
There are 3 endpoints that involve what you want to do:
- Account Update (section 7.3.1); only really handles contact email address
- Account Key Rollover (section 7.3.2); requires having both account keys. lets you update the account to use KeyB from KeyA
- NewAccount
In the OP's case, the key takeaway is that "losing account keys is unfortunately pretty common, and the common fix is to generate a new account key and just do everything with a new account"
The main thing an account key does for 99.999% of users, is simplify the revoke operations (which can also be done with a Certificate+PrivateKey). For .0001% of users, they have RateLimit exceptions tied to their AccountKey. But for the rest of us, AccountKeys can be ephemeral.