User profile for user: ab406
ab406 Author
User level: Level 1
4 points

Apple 2FA

I was the victim of SIM swap about 3 yrs ago. It was devastating. I’ve always felt good that Apple uses 2FA, but I’ve come to realize that this, too, is based on your phone number, and not the device. Please tell me I’m wrong? If this is correct, then SIM swap could lead to a hijack of my iCloud email. Google allows

for the use of security keys, like Yubikey, which is amazing. When will Apple accept this?

Posted on Apr 20, 2021 9:00 AM

Reply
Question marked as Top-ranking reply
User profile for user: Tesserax
Tesserax
User level: Level 10
157,902 points

Posted on Apr 20, 2021 9:19 AM

ab406 wrote:

I’ve always felt good that Apple uses 2FA, but I’ve come to realize that this, too, is based on your phone number, and not the device. Please tell me I’m wrong?

With 2FA, your Apple ID account can only be accessed on devices you trust. To sign in to a new device, you will need to provide your password and a six-digit verification code that would automatically be displayed on your trusted devices.


2FA requires two things:

  1. A trusted device - A trusted device would be an iPhone, iPad, iPod touch with iOS 9+, or a Mac running OS X El Capitan or later that has already been signed into two-factor authentication.
  2. A trusted phone number - A trusted phone number is a number that can be used to receive verification codes by text or phone call. You must verify at least one trusted phone number to enroll in two-factor authentication.


However, 2FA does NOT require an iPhone to either set up or use it. You can have verification codes sent to any trusted phone number -- those can be Android or other non-Apple phones and even to landlines.


For the iPhone, a SIM card only contains data from your cellular provider. It does not contain anything related to your Apple ID.


Regardless, if you believe that your Apple ID is compromised, I suggest that you review the following support article:

View in context

Similar questions

1 reply
Question marked as Top-ranking reply
User profile for user: Tesserax
Tesserax
User level: Level 10
157,902 points

Apr 20, 2021 9:19 AM in response to ab406

ab406 wrote:

I’ve always felt good that Apple uses 2FA, but I’ve come to realize that this, too, is based on your phone number, and not the device. Please tell me I’m wrong?

With 2FA, your Apple ID account can only be accessed on devices you trust. To sign in to a new device, you will need to provide your password and a six-digit verification code that would automatically be displayed on your trusted devices.


2FA requires two things:

  1. A trusted device - A trusted device would be an iPhone, iPad, iPod touch with iOS 9+, or a Mac running OS X El Capitan or later that has already been signed into two-factor authentication.
  2. A trusted phone number - A trusted phone number is a number that can be used to receive verification codes by text or phone call. You must verify at least one trusted phone number to enroll in two-factor authentication.


However, 2FA does NOT require an iPhone to either set up or use it. You can have verification codes sent to any trusted phone number -- those can be Android or other non-Apple phones and even to landlines.


For the iPhone, a SIM card only contains data from your cellular provider. It does not contain anything related to your Apple ID.


Regardless, if you believe that your Apple ID is compromised, I suggest that you review the following support article:

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Apple 2FA

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up