How to turn off two factor authentication?
You can’t.
(Sorry for the “harsh-sounding” reality)
What makes you think that you need to do so?
So … since you’re going to have to “live with it” …
Recommend that you carefully review and thoroughly digest the two fairly important and informative articles linked below.
Pay particularly close attention to thoughtfully selecting and setting up Trusted Numbers … these become critical when you need to regain access to your account (e.g. lost, damaged, or stolen device).
Two-factor authentication for Apple ID - Apple Support
and
Get a verification code and sign in with two-factor authentication - Apple Support
It's BAD ENOUGH that Apple is spying on ALL of us!! Now they won't let US protect ourselves from THEM!! ********! Thank god I've switched a year ago!! Still trying to get all my "years" of work off of all my apple tech.
Xplrr_Chick wrote:
It's BAD ENOUGH that Apple is spying on ALL of us!! Now they won't let US protect ourselves from THEM!! ********! Thank god I've switched a year ago!! Still trying to get all my "years" of work off of all my apple tech.
If you switch a year ago, why are you still hanging out here?
Xplrr_Chick wrote:
I have 10 Apple Computers in my house alone. And my entire family still have apple products. It's rather expensive to buy ALL new tech. I thought that was pretty obvious.
Not when you stated "Thank god I've switched a year ago!!"
Unfortunately, none of the options you suggested are good option.
I don't have spouse
I don't have a work number, I use my iPhone for work. Most employers in the US doesn't provide mobile phones any longer.
Google voice number; either I need to forward the Google Voice number to my phone and if my phone is not working.
Customer must have options and they should be warned when they do not have control over their own device.
Dear Mr. Cook, this is a stupid and brain dead idea. I am security professional, so I can tell you, when you force people, they will either find a workaround or simply won't' enable the feature.
Pall wrote:
Google voice number; either I need to forward the Google Voice number to my phone and if my phone is not working.
The code will be sent to your Google Voice number as an SMS text. You can login to your google account in any web browser on any platform and read the code in your messages there.
Pall wrote:
Unfortunately, none of the options you suggested are good option.
I don't have spouse
I don't, either. But I do have trusted friends.
I don't have a work number, I use my iPhone for work. Most employers in the US doesn't provide mobile phones any longer.
I don't have a work cell phone. I have a landline sitting on my desk
Google voice number; either I need to forward the Google Voice number to my phone and if my phone is not working.
You can check your Google Voice SMS messages through any web browser.
Suppose, I can always run to the public library and login from there.
Not it very user friendly, is it.
The problem is, we as consumers accept idiotic things from companies. Don’t get me wrong, I have used Apple products since the Lisa.
Apple’s recent decisions and choices are concerning and innovation is lacking.
Regarding this two factor business, not being able to shut it off stinks. I recently had to send in my iPhone for a new battery, that's another whole story, but I could not get into my Apple account due to NOT having my phone. This will be my last Apple product. I've had it.
Like I indicated earlier, sending an SMS message for 2F is insecure but lots of people continue to do it. NIST deprecated SMS code for 2F couple of years ago.
Trying to control user behavior is a loosing proposition. If it is difficult, they will circumvent. In this case, they may not use a Password at all and many don’t.
In this case, they may not use a Password at all and many don’t.
Pretty much impossible these days to have online accounts without passwords.
Resistance to online security really is futile.
Tell your bank you want to use their app without a password.
Pall wrote:
Like I indicated earlier, sending an SMS message for 2F is insecure but lots of people continue to do it. NIST deprecated SMS code for 2F couple of years ago.
Which is why 2FA doesn’t use sms.
Pall wrote:
Like I indicated earlier, sending an SMS message for 2F is insecure but lots of people continue to do it. NIST deprecated SMS code for 2F couple of years ago.
Trying to control user behavior is a loosing proposition. If it is difficult, they will circumvent. In this case, they may not use a Password at all and many don’t.
Apple 2FA codes are sent by iCloud push notification unless that is not available and you request a code to a backup SMS or voice telephone number.
You cannot create nor use an AppleID with a password - Change your Apple ID password - Apple Support
”When you create a new password, keep the following in mind:
Pall wrote:
How is the code sent?
iCloud push notification. The SMS and voice backup numbers are only there in case you don’t have a device you can receive the push notification on. In that case, you can go in and ask for a code sent to a backup trusted number.
https://developer.apple.com/notifications/ over Apple’s Apple Push Notification service (APNs). Your iCloud account has a unique device token setup for each trusted device you setup to receive AppleID 2FA push notifications.
Pall wrote:
Pleaser take look at
https://pages.nist.gov/800-63-3/sp800-63b.html
Why would I read that? What does USA government guidelines for securing USA government computers and accounts have to do with Apple 2FA? And by the way, the USA government does indeed use 2 factor logins on some of their systems. They use quite a variety of 2 factor authentication systems along with passwords, including codes, biometrics and hardware keys, depending on the nature of the data the system contains, the level of security for it, and the need for access to it. I myself have once used one USA government system in the past that used a 3 factor authentication system (password, USB hardware key and a short-lived 4 digit code).
The EU reportedly is set to pass banking legislation this year requiring all banks to set some method of 2 factor logins and make them mandatory for online banking transactions. In the USA the FFIEC has strongly recommended all US Banks similarly use multi-factor logins, although I don’t know of any law (yet) that requires USA banks to do so.
Pall seems fixated on 2 factor authentication via SMS, which indeed NIST and others have recommended be abandoned (some experts in the early 2000’s said it should never have been adopted). But NIST and other national security agencies and advisory groups have always recommended using multi-factor authentication of some kind or another, and have never published that all side-channel authentication be abandoned (just SMS). My understanding of the issue with SMS is that over the years, for cost cutting measures, the carriers themselves have removed security for it, making it vulnerable.
I have not seen anybody speaking out or publishing against push notifications as an unacceptable side channel for authentication tokens. Especially since APNS allows for encrypted push notification data payloads (https://developer.apple.com/documentation/usernotifications/unnotificationserviceextension)
How to turn off two factor authentication?
