How to turn off two factor authentication?

proaudioguy wrote:

I do not like 2 factor authentication. What I can't figure out is why my WIFE gets the authentication number instead of me. It even shows MY phone number in the settings!

Your wife is getting the code because her device is, apparently, listed as one of your trusted devices. See this article for more information on managing trusted devices:

https://support.apple.com/en-us/HT204915#manage

Of course, having her use only her own Apple ID on her phone would also solve the problem.

If you enabled it less than 2 weeks ago find the email confirmation (which you may have deleted). There will be a link in it to disable 2 factor authentication. if it is more than 2 weeks then you cannot remove it.

See this Apple support link-->Two-factor authentication for Apple ID - Apple Support

This is a user-to-user technical support forum. We can't change anything about your account. And posting your phone number in a public forum visible to anyone on the Internet (that's billions of people) is not a good idea.

You can use this link for help, but unless you have an alternative way to receive authorization codes all they can do is recover your account, which can take a long time. Use this link-->Contact Apple for help with Apple ID account security - Apple Support

Use account recovery - https://support.apple.com/en-us/HT204921 - there is a Contact Apple link there for additional help.

When you enable 2FA, the security questions are gone - that’s the whole point of 2FA - your account access no longer relies on simple question and answers which is inherently a less secure method of protecting online accounts.

A business should not be sharing an Apple ID among employees. NEVER. NEVER. NEVER. That is the complete extent of your problem. Each phone needs its own Apple ID. If you need central management Apple offers that service as Mobile Device Management. If you don't share Apple IDs the problem goes away. Along with a dozen other problems, such as shared texts, shared contacts, if anyone with a phone changes the Apple ID password then no one can access their Apple ID.

Here's information on MDM:Get started using Apple Business Manager or Apple School Manager with Mobile Device Management - Apple Support

OK, let ME clarify, since you didn't bother to do the research. On older devices you append the 2FA code to the passcode when signing in. See-->Two-factor authentication for Apple ID - Apple Support

Specifically:

What if I use two-factor authentication on a device running older software?

If you use two-factor authentication with devices running older OS versions—like an Apple TV (2nd or 3rd generation)—you might be asked to add your six-digit verification code to the end of your password when signing in. Get your verification code from a trusted device running iOS 9 and later or OS X El Capitan and later, or have it sent to your trusted phone number. Then type your password followed by the six-digit verification code directly into the password field.

minchin001 wrote:

Thanks for the reply but that's not the point. Apple should give back to the users if they still want that much security.

Give back....what?

Regardless of what you think Apple should or should not do, what they are doing is implementing 2FA. So, currently, your choices are to learn to use it, thus reducing your overall frustration or continue to be frustrated and complain.

Assuming you opt for the former rather than the latter, start here:

Two-factor authentication for Apple ID - Apple Support

SimonSubsonic wrote:

Two Factor Authorization is one of the Blaine of my life. I travel a lot but have medical problems to like to travel as light as possible. I don’t always want to have 2 devises with me or I will be using a temporary foreign SIM card.

2FA doesn't require that you have two devices with you. It sounds as if you don't quite understand how 2FA works. Start by reading this article:

Two-factor authentication for Apple ID - Apple Support

Under what circumstances are you needing to use 2FA on your device? I haven't had to use 2FA on my iPhone since I set it up originally. If you explain exactly what problems you're having, I'm sure someone can walk you through how to use 2FA properly.

Yes, the un-enrollment option only applies to existing AppleIDs not previously used with 2FA and that update to 2FA. Those have a 2 week window to un-enroll in the updated security system. Any new AppleID made now is required to use Apple 2FA. It has been that way for awhile now.

Two-factor authentication for Apple ID - Apple Support

Violet666 wrote:

Why don't we have the option to turn it off???? This is ridiculous, there are times I don't have my phone or maybe the phone is broken; then what do we do???? I never turned this on to begin with. You need to change this!!!!!

I don't need to change anything. Like everyone else in this thread, I'm a user. If you want Apple to know how you feel, use the feedback page:

Product Feedback - Apple

If you have 2FA properly configured with additional trusted devices and/or numbers, it won't matter if your phone is broken.

Probably you, if you didn't follow the 2 factor set up instructions and set up alternate ways of getting authorization codes. If you did do that just use one of the alternate methods, which can be another Apple device or any phone number (even a landline).

But if you follow the restore instructions you shouldn't need to use an authentication code to restore an iPhone. You don't even need to have an Apple ID. Click on this blue Apple support link--> Restore your iPhone, iPad, or iPod to factory settings - Apple Support

If the phone is Activation Locked go to https://icloud.com/find and remove the phone from your account. You also don't need an authentication code for this link.

Pall wrote:

How is the code sent?

iCloud push notification. The SMS and voice backup numbers are only there in case you don’t have a device you can receive the push notification on. In that case, you can go in and ask for a code sent to a backup trusted number.

https://developer.apple.com/notifications/ over Apple’s Apple Push Notification service (APNs). Your iCloud account has a unique device token setup for each trusted device you setup to receive AppleID 2FA push notifications.

Pall seems fixated on 2 factor authentication via SMS, which indeed NIST and others have recommended be abandoned (some experts in the early 2000’s said it should never have been adopted). But NIST and other national security agencies and advisory groups have always recommended using multi-factor authentication of some kind or another, and have never published that all side-channel authentication be abandoned (just SMS). My understanding of the issue with SMS is that over the years, for cost cutting measures, the carriers themselves have removed security for it, making it vulnerable.

I have not seen anybody speaking out or publishing against push notifications as an unacceptable side channel for authentication tokens. Especially since APNS allows for encrypted push notification data payloads (https://developer.apple.com/documentation/usernotifications/unnotificationserviceextension)

You will have no problem with Androids, as the have always been trivially easy to hack. So enjoy them. It's a much easier solution than using Apple products in the way they were designed to be used.

See the 4th item in this FAQ-->https://appleid.apple.com/faq/#!&page=faq

Michael Black is saying you should be using Apple's Managed Deployment service rather than sharing an Apple ID among a large group, which, to be frank, is one of the stupidest ideas I have seen in a long time.

Use Device Enrollment - Apple Support