How to turn off two factor authentication?

Sorry, but you can do neither. iOS can’t be downgraded and Apple has never had any mechanism to do so. And you can not disable two factor authentication.

And what one has to do with the other is beyond me. 2FA has nothing to do with updating iOS.

Apple has the right to set the security model for the accounts you create, and which you store sensitive information in with their systems. Your rights are to choose not to create an AppleID and not use Apple online services. But you nor I nor anyone get to dictate how Apple decides to secure the data we all voluntarily choose to host on their systems. As the stewards of the information, and thus responsible for its security, Apple, or any online services company, has the right to dictate access and security terms.

You agree to those when you choose to create an account with any online services company. Companies have been setting minimum standards for password length and complexity for decades. More and more, they are setting standards for some form of 2 factor login, or voice recognition or some additional layer of security. Since they are the ones who get sued and fined over data breaches, they have the right to secure their systems as they see fit.

Your sole right is wether you choose to use their services or not.

It has nothing to do with you nor your mental acuity. It has to do with how Apple has decided to secure the personal, private and sensitive information you have chosen to keep on their hardware in order to use their purely optional online services.

Just as you don't get to dictate to your bank how you access the information you choose to put in your secure deposit box, you don’t get to dictate how Apple secures your data you’ve chosen to put on their servers.

But what I don't get is that you don't offer support for my older macs that now won't allow me to log in because I can't put in the 2 factor code. Geesh... Come on guys.

Being informed is an important thing.

See >>> https://support.apple.com/en-ca/HT204915

Xplrr_Chick wrote:

It's BAD ENOUGH that Apple is spying on ALL of us!! Now they won't let US protect ourselves from THEM!! ********! Thank god I've switched a year ago!! Still trying to get all my "years" of work off of all my apple tech.

I am curious what, if any, voice interactive service(s) you’re using now that you trust is not spying on you? Because it sure isn’t Alexa, we all know that.

And people continue to fail to understand what Apple or any company’s 2 factor login does. It has nothing to do with you really. It is all about companies enforcing security rules for the online data you choose to store on their systems, and which they are thus legally obligated to secure. Since people sue companies over data breaches, and people are notoriously lax about their online account security, companies like Apple are taking matters into their own hands and requiring you to take at least some significant steps to secure the data you’re keeping in their hardware.

While they couch it in terms of aiding you in protecting your online ID and data (and I do actually believe they do mean that) it is really about securing their systems, and limiting their liability for your data should your data be breached and exposed because of your own lax treatment of securing your online accounts. So while Apple continues to offer expanded online services and features, to use them, you’re going to have to accept stricter security requirements to access that data.

Or you can simple choose not to use any Apple online services and never deal with Apple’s 2FA at all.

Pall wrote:

Like I indicated earlier, sending an SMS message for 2F is insecure but lots of people continue to do it. NIST deprecated SMS code for 2F couple of years ago.

Trying to control user behavior is a loosing proposition. If it is difficult, they will circumvent. In this case, they may not use a Password at all and many don’t.

It’s not just about trying to control people’s interaction with secure data. It’s also about companies limiting liability for your data that you choose to store in your online accounts with them. Apple cannot make you use a passcode on your iOS device or Mac, true, just as your home insurer cannot force you to lock your doors and windows. But that’s on you then if there is a data breach of your account(s) due to something you chose to do with your personal property. At least Apple has taken reasonable due diligence by requiring a 2 factor login procedure to your AppleID when you choose to use certain features.

What you do in terms of securing your own personal property is up to you. But since Apple is the steward of your data you’ve chosen to save on their systems, they have both the right and responsibility to enforce security on how that account is accessed.

Clearly you have done ZERO research to back up your claim. While the "2 FA vendors" have done considerable research. 2FA is not new; I had to use it 20 years ago to access my IBM account when I consulted for them. And I had to use it when I was a Sysop on CompuServe, and later on AOL. Back then it used a physical security key (RSA key) that generated a new passcode every minute. AOL's was tougher; I had to enter the generated key, then I got back another key that I had to enter.

Google requires 2FA for enterprise accounts. It can be one of several methods. The easiest is the authenticator app that you can install on your phone. It's like the physical RSA key, but in software. Google also has a USB dongle for computers that must be inserted into the computer and left there to log in. And Google supports SMS and voice as a backup method. And Google requires physical keys for its employees and contractors.

Yahoo uses a system similar to Apple's; you need any Yahoo app on your phone. When you log in on any computer device you go to the Yahoo app on any other device and you will see a prompt to allow the login.

While it is true that SMS can be hacked, it is a complex process that very few people can actually do. It either requires access to the SS7 network or bribing a carrier support technician to do a "SIM swap". This is illegal, and people who get caught go to jail. And if this happened to you it would be immediately obvious, because your phone would stop working. So SMS is much better than nothing even though it is not perfect. But it is still used by the US government agencies: IRS, Social Security and Medicare. IRS also requires a separate PIN for accounts that have been hacked in the past.

Apple's implementation does not use SMS, so any arguments you have against SMS are moot. It uses Apple's notification service, which has never been hacked.

If you would like to learn about real-world security see the blogs by Brian Krebs or Bruce Schneier.

If your Mac has El Capitan or later and is signed in to your iCloud account it is a trusted device once you have trusted it once using your iPhone or iPad. The setup and details are covered in this FAQ-->Two-factor authentication for Apple ID - Apple Support.

You would of course have to repurchase all apps, iTunes and iBooks content if you did that, all in-app purchases and subscriptions would have to paid for again as well. You would not be able to use messages in iCloud, Apple Pay, iCloud Keychain and other services as they require 2FA, and there will be undoubtedly more as time goes on.

So you would at best be staving off the inevitable for a short while.

Richthetinman wrote:

yes you can turn it off but you have delete your old save everything to your phone not your cloud which is attached too your account you have too delete and will never be able to use that email for a apple account but email will still work as email ! then you make new email address then make new apple account pay close attaention too what you say yes too in start up them one your phobe boots up first then turn off find my phone and 2nd never ever turn on 2 factor ever ! and there you go ....

That isn't "turning it off". That's creating a new account without 2FA.

Again, much of this makes no sense when discussing Apple 2 factor authentication.

"A nonenglish speaking techie turned it on when I bought a sim card..."

This is not possible unless you gave the techie your AppleID password and let then access your AppleID account. Apple 2FA has nothing to do with installing and using a SIM card, or even changing carriers. You don't even need an iPhone to set up and use Apple2FA. You do need to register one SMS capable telephone number - any SMS capable telephone number, not necessarily one associated with an Apple iPhone, will do since the SMS number is only there as a backup system in the even a push notification cannot be sent to a trusted device.

Apple 2FA is tied to your AppleID and your iCloud account used with that AppleID. 2FA codes are sent by iCloud Push Notification which is an internet protocol entirely independent of any cellular or landline telephone system. That is why and how someone with just a Mac and no iPhone can use 2FA just as easily as any iPhone user.

A code is only ever sent by SMS to a telephone number when no trusted device is logged into iCloud and available.

Checking the Trust Browser prompt writes a cookie containing your browser identification, which includes the browser, version and IP address. If your IP address changes it is no longer identified as the same browser, likewise if you update your browser version. And if you clear cookies it loses the browser identification. In any of these situations it needs to verify the browser again. Apple does not keep information about you (unlike Google), so the only place it can save your browser identification is in a cookie on your computer.

Hawkpilot73 wrote:

All I have to say is WOW. Is this every going to change? It's ridiculous!

Probably not. So, if you explain what problems you're having with 2FA, perhaps someone can help you figure out how to make it work better for you.

If you have no trusted devices or numbers, you may have to go through account recovery. But start here:

Get a verification code and sign in with two-factor authentication - Apple Support

Going forward, it's a good idea to have a trusted number in addition to trusted devices. I use my office landline as a trusted number. If you're in the U.S., a Google Voice number is also a good option as you can get access to that from almost any internet connected device.

Silly that you cannot turn it off since it DOES NOT seem to work with older devices running iOS 5.x I enter my password and the code sent on my old iPod and it always fails. Tried the same on my old iPad, and it fails. Both appear in my AppleID on the web as trusted devices.

Yes, the devices are old. All they do is play music and display photos.

Good old Apple and their forced upgrades. Make old devices which work fine to much of a pain to use thinking we will upgrade. Nope. Sorry. No happening.