Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Forced Two-Factor Authentication

K

Kagami190

macrumors member
Original poster
Aug 1, 2013
34
19
Soooo.... interesting....

I just recently started sharing purchases with my family via Family Sharing so in an effort to avoid having my contacts/calendars/pics combined with someone else I created a new iCloud account for myself.

I signed out of the iTunes Apple ID from iCloud awhile back and I made the decision to create the Apple ID after updating the iOS to 10.3 (I know... I was going bare with no iCloud sync/backup cushion but if something had happened to the phone I would have taken responsibility)

Anyway, I created a new @icloud.com Apple ID at the setup screen and immediately it asks me for my phone number, alerting me that I will enter a six digit code sent to this phone number to log into my Apple ID. There is no tiny "skip" link anywhere, just a "learn more" link. Because I don't see a way forward, I put in my phone number and resolved to turn it off later (I've accidentally turned it on in the past and have turned it right off because I find it annoying... though I understand the difference in security)

I got to settings to turn it off and... there is no button for it! It says two-factor authentication is on but it's greyed out and I can't turn it off!

So I log onto applied.apple.com with my computer (a MacBook Air) and sign into my new account with two factor authentication. I navigate to security and under two-factor authentication ... there is no option to turn off!!

I think Apple has started to not just strongly suggest two-factor authentication but (with new accounts) forcing it on with no option to turn it off!! I've been meaning to call AppleCare to get them to look into it but for now it's just a minor inconvenience. Still sucks though :(
 
K

Kagami190

macrumors member
Original poster
Aug 1, 2013
34
19
C DM said:
They typically offer to enable it during the upgrade process, but there's an option to decline that.
Click to expand...

I hear what you're saying, and I know what you're saying to also be true. I have declined that option myself many times after an upgrade.

This however seems specific to me having created the account on the device itself after the 10.3 update. There is legitimately no way for me to turn off two-factor authentication. Not even on appleid.apple.com - the turn off feature is gone. Just a "learn more" link
 

Attachments

  • IMG_0201.jpg
    IMG_0201.jpg
    99.5 KB · Views: 126
C

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
Kagami190 said:
I hear what you're saying, and I know what you're saying to also be true. I have declined that option myself many times after an upgrade.

This however seems specific to me having created the account on the device itself after the 10.3 update. There is legitimately no way for me to turn off two-factor authentication. Not even on appleid.apple.com - the turn off feature is gone. Just a "learn more" link
Click to expand...
Sounds like you might want to contact Apple about it.
 
E

Erdbeertorte

Suspended
May 20, 2015
1,180
500
That's strange. I can still turn it off here on my Mac in Safari and Firefox: https://appleid.apple.com/account/manage

I have iOS 10.3.2 Beta and macOS 10.12.5 Beta installed on all devices and already turned it off a few weeks ago for a while when I still was on iOS 10.3 Beta and macOS 10.12.4 Beta.


Screen Shot 2017-04-01 at 07.15.23.png
Screen Shot 2017-04-01 at 07.22.20.png


Edit:

Also no problems turning it off in Safari on my iPhone:

2017-04-01 07.30.37.png
 
Last edited:
bopajuice

bopajuice

Suspended
Mar 22, 2016
1,571
4,348
Dark side of the moon
Excuse me for asking but why is two factor authentication even needed? Forgetting your password sounds more like an excuse to obtain your phone number. Several sites or accounts I have used have asked me to add a phone number. I don't do it.

Just another piece of my personal information to add to someone's database.
 
  • Like
Reactions: LizKat and tonyr6
C

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
bopajuice said:
Excuse me for asking but why is two factor authentication even needed? Forgetting your password sounds more like an excuse to obtain your phone number. Several sites or accounts I have used have asked me to add a phone number. I don't do it.

Just another piece of my personal information to add to someone's database.
Click to expand...
That's not quite what 2-factor authentication is: https://support.apple.com/en-us/HT204915
 
LizKat

LizKat

macrumors 604
Aug 5, 2004
6,770
36,283
Catskill Mountains
My problem with this stuff is it's not invariably made clear at the (sometimes unexpected) time a sign-in to "your Apple ID" is requested, which one is needed-- for those who have one for iTunes / iBookstore / Apple Music use, and a separate one for iCloud and cloud related apps like Notes or Mail etc.

I read that support document about 2FA at https://support.apple.com/en-us/HT204915 and it doesn't say anything about what to do if you have more than one Apple ID. I have occasionally "guessed wrong" about which ID to supply after an update to some mobile device or laptop and gotten a whole raft of error messages about how my ID is invalid or it can't find my data etc etc. Now with 2FA if I mess up after an upgrade, it sounds like I'll have even more ways to go astray. I wonder if I'll end up with a whole bunch of expensive bricks and two dead Apple IDs. And I wonder how to keep that from happening. For the moment my solution is skip the upgrade.
 
K

Kagami190

macrumors member
Original poster
Aug 1, 2013
34
19
Update:

So I called AppleCare and they had a "senior advisor" look at it. He didn't know the answer at first but called me back the next day.

It seems my theory was correct.
Apple IDs that are created on a 10.3 device or higher will have two-factor enabled with no option to turn it off.

The Rep advised that if I wanted a non-two factor appleID that I would simply need to create the Apple ID outside of the os environment (IE: instead of the menus and settings of iOS/macOS , through the Apple ID/iCloud site itself) I noticed that this meant any @icloud.com Apple ID henceforth created anew by anyone on an Apple device would be forced into 2-factor.

There's the answer. As for me, I started a separate gmail account and set up a non two-factor ID for my iCloud (the turn off/on link is there now)

To recap:

If you have an already created Apple ID, you can still opt out of two factor and nothing changes

If you CREATE a NEW Apple ID within iOS with 10.3 or higher, Apple tells me two-factor is not negotiable any longer and it will automatically be turned on without option to turn off.

EDIT:

Apples support article at https://support.apple.com/en-us/HT204915 seems privy to this info (why I didn't look before I don't know) it seems to be the same case with the newest 10.12.4 Sierra update too. Doesn't mention not being able to turn it off though...

"Some Apple IDs created in iOS 10.3 or macOS 10.12.4 and later are protected with two-factor authentication by default. In this case, you see that two-factor authentication is already turned on."
 
Last edited:
P

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
What's the big deal about have 2 factor authentication on? It's a very slight pain when getting a new device, but once set up, you don't have to worry about it anymore. I just don't get it at all.
bopajuice said:
Excuse me for asking but why is two factor authentication even needed? Forgetting your password sounds more like an excuse to obtain your phone number. Several sites or accounts I have used have asked me to add a phone number. I don't do it.

Just another piece of my personal information to add to someone's database.
Click to expand...
Yeah, do some research...
So you don't want extra security on email that's connected to your bank account? You don't want extra security in other important on-line accounts?

Here is some info:
http://wtop.com/news/2014/08/column-what-is-2-step-verification-and-how-do-i-use-it/

Info about Apple's 2 factor authentication:
https://support.apple.com/en-us/HT204915
 
Last edited:
K

Kagami190

macrumors member
Original poster
Aug 1, 2013
34
19
Primejimbo said:
What's the big deal about have 2 factor authentication on? It's a very slight pain when getting a new device, but once set up, you don't have to worry about it anymore. I just don't get it at all.

Yeah, do some research...
So you don't want extra security on email that's connected to your bank account? You don't want extra security in other important on-line accounts?

Here is some info:
http://wtop.com/news/2014/08/column-what-is-2-step-verification-and-how-do-i-use-it/

Info about Apple's 2 factor authentication:
https://support.apple.com/en-us/HT204915
Click to expand...

Not sure about others, but I definitely agree that two-factor is all around a good thing. I'm just concerned if I ever lose one of my trusted devices/phone number. I've had to do two-factor account recovery before and it's horrible and took two months almost.

I'm very self-aware though. Right now it's a terrible inconvenience but I'm sure once the rest of the consumer tech world adopts it, it'll be just another password thing in a few years. I'd just like the option to be held responsible for my own security

That's probably what all this is about anyway. With celebrities and the like getting their iCloud hacked (or more accurately; passwords guessed) all apple can do to protect their reputation is to force it on all their dumb customers who don't think they need it. But... that comes off really crappy in my opinion
 
  • Like
Reactions: LizKat
LizKat

LizKat

macrumors 604
Aug 5, 2004
6,770
36,283
Catskill Mountains
Kagami190 said:
Not sure about others, but I definitely agree that two-factor is all around a good thing. I'm just concerned if I ever lose one of my trusted devices/phone number. I've had to do two-factor account recovery before and it's horrible and took two months almost.

I'm very self-aware though. Right now it's a terrible inconvenience but I'm sure once the rest of the consumer tech world adopts it, it'll be just another password thing in a few years. I'd just like the option to be held responsible for my own security

That's probably what all this is about anyway. With celebrities and the like getting their iCloud hacked (or more accurately; passwords guessed) all apple can do to protect their reputation is to force it on all their dumb customers who don't think they need it. But... that comes off really crappy in my opinion
Click to expand...

Living in a dead zone for cellular signals, all this stuff about getting a texted 2FA code would be a pain in the neck -- so I may pick my landline instead, for a phone call to get the code. But then sometime I'll be elsewhere and have to hope my answering machine pickup on remote will have what I need? I hestitate to specify my iPhone and then have to rely on WiFi calling working fine when I have to use it to get a code off a text to the iPhone in my residential dead zone.

I dunno. I'm sure it would work fine for people with "normal" cell service and reliable internet connections. In the boondocks, with DSL that sometimes takes a hike when the wind blows or it rains... I'm not looking forward to this "enhancement." Nonetheless I read up on the latest update and want to apply it so... guess I'm up for the experience of two factor authentication after all.
 
  • Like
Reactions: tonyr6
P

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
Kagami190 said:
Not sure about others, but I definitely agree that two-factor is all around a good thing. I'm just concerned if I ever lose one of my trusted devices/phone number. I've had to do two-factor account recovery before and it's horrible and took two months almost.
Click to expand...
at least you were able to recover it. The 1st version of Apple's 2SA, you were out of luck and had to start all over. How did you lose your phone number and trusted device? Don't most people lose their phone just get another one and use the same number, even if it's after a few days or weeks?


LizKat said:
Living in a dead zone for cellular signals, all this stuff about getting a texted 2FA code would be a pain in the neck -- so I may pick my landline instead, for a phone call to get the code. But then sometime I'll be elsewhere and have to hope my answering machine pickup on remote will have what I need? I hestitate to specify my iPhone and then have to rely on WiFi calling working fine when I have to use it to get a code off a text to the iPhone in my residential dead zone.


I dunno. I'm sure it would work fine for people with "normal" cell service and reliable internet connections. In the boondocks, with DSL that sometimes takes a hike when the wind blows or it rains... I'm not looking forward to this "enhancement." Nonetheless I read up on the latest update and want to apply it so... guess I'm up for the experience of two factor authentication after all.
Click to expand...

You can set up an authenticator app so you don't need cell service. You don't even need cell service at all with these and I think I have 1 account that doesn't support it, Instagram. Even then I just needed it one time when I logged into the app and haven't needed it since. Facebook, gmail, hotmail/outlook, Dropbox, twitter, and others all support authenicators. Apple doesn't, but they have their own that you don't need cell service to use.

Google Authenticator by Google, Inc.
https://appsto.re/us/fdakx.i
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom