SMS is a really dumb way to do 2fa, can we get a proper authenticator setup?

I had to create an account for my company's app development.


Dismayed to see SMS 2fa seems to be the only option.


It's not 2002, guys.


I really don't want to set up my real number and have it leaked.


Is there an option to use Authy or another proper 2FA authenticator?


SMS is *so* insecure, I am really surprised it's even an option, let alone the only one.

Posted on Apr 22, 2024 7:54 AM

Question marked as Top-ranking reply

Posted on Apr 22, 2024 9:26 AM

  1. It's not the only option. In fact, it's not even the primary option.
  2. Apple's two-factor authentication will send the code to a trusted device as a system message first, not an SMS. If no trusted device is available, then you can choose to have the code sent via SMS or even a voice call, but it's entirely up to you to use this mechanism. If you have a trusted device, you never have to use SMS.
  3. The SMS option requires a number be set up ahead of time as a trusted phone number on your Apple ID before it can receive codes; you cannot just randomly enter a phone number to get an SMS. It's fairly secure since the primary purpose of TFA is accessing your Apple ID, and you cannot set up a trusted phone number for SMS without having access to the Apple ID already.
  4. click here ➜ Use two-factor authentication for your Apple ID on iPhone - Apple Support


Apr 22, 2024 10:21 AM in response to JDD_

JDD_ wrote:

I do not use Apple products. As I mentioned, I have to have an Apple ID to manage my company's app developers.

Which is not something worth risking my number leaking.


If FIDO tokens and a recovery key utilized together are inadequate for your MFA requirements, then send Apple your feedback with your comments and your preferred alternatives:


Apr 22, 2024 10:18 AM in response to JDD_

  1. As long as the dummy number can get SMS messages it should work. Why do you assume it will leak from Apple? Apple has no known data leaks of any kind.
  2. Unless you are continually signing in from a different device or web browser or never trust the browser you are using, you should only need to get a 2FA code once in a very long while. Once the web browser and device have been trusted, it should let you log in without the need for a code.
  3. Why do you assume outsourcing the 2FA process to a third-party authenticator app would be more secure? You trust Microsoft's Authenticator or Google's Authenticator over Apple's own internal mechanism?


I much prefer Apple's higher security method than having to use other authenticator apps to get a code.
