Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Is it possible to remove SMS from second factor authentication?

W

Wolfpup

macrumors 68030
Original poster
Sep 7, 2006
2,930
105
My AppleID is getting locked constantly, presumably because some bad guy somewhere is trying to log in to it.

I’m playing around with “second factor authentication” to see if I can get the locking to stop, only I can’t find a way to disable SMS as a “second factor”...is there?

SMS makes your account LESS secure, not more. Even with the new iOS 14 “recovery key” on your account, which seems to claim you either need a logged in Apple OS device OR your recovery key, it’s STILL letting me request an SMS password, thus completely negating my account’s security.

Is there some way to remove SMS so it can (as it seems to claim) ONLY use another apple device or your recovery key?

It sounds like you only have two weeks to disable “second factor” and then no longer can, sooooo if I can’t remove sms, I guess I need to turn this off fast.

I’m getting incredibly sick of apple locking my account every day or two. Strongly considering buying an Apple TV, but I don’t want to deal with this when watching tv too.
 
Spit balling here, but having read your other thread about the same issue, what if you created a new email for your Apple ID and that’s all it was used for? Additionally use a Google voice phone # for your 2FA, but don’t share it or the new email with ANYONE.
 
7thson said:
Spit balling here, but having read your other thread about the same issue, what if you created a new email for your Apple ID and that’s all it was used for? Additionally use a Google voice phone # for your 2FA, but don’t share it or the new email with ANYONE.
Click to expand...

i did just switch my number to my google account, which effectively ties my apple account’s security my google account, but at least it’s more secure than normal SMS is.

I’ve turned on “recovery key”, which was apparently just rolled out with iOS 14, but apple still “helpfully” sends sms codes when I’m trying to log in to something.

I guess supposedly with recovery key on, it’s impossible to change my apple password without the key or a logged in apple device, but it would still be possible to log in to my account with sms.

They should have the option to remove sms, but don’t seem to.

I don’t know, maybe this is no worse than I had before, but I also dislike that you can’t turn this off after 2 weeks, and that don’t explain what they’re using it for. Hell, I had to just find out accidentally about “Universal Clipboard”, and nowhere does apple explain how it works, if THEY ever have the contents of your clipboard or if it’s only sent locally. And it defaults to on, not actually any separate toggle for it either.

Windows defaults it off, I think, and more clearly explains what’s going on
 
Wolfpup said:
My AppleID is getting locked constantly, presumably because some bad guy somewhere is trying to log in to it.

I’m playing around with “second factor authentication” to see if I can get the locking to stop, only I can’t find a way to disable SMS as a “second factor”...is there?

I’m getting incredibly sick of apple locking my account every day or two. Strongly considering buying an Apple TV, but I don’t want to deal with this when watching tv too.
Click to expand...

Maybe I don't understand and am off base here - but isn't that the purpose of the 2 factor “second factor authentication” ? To stop the bad guys?

If that was happening to me - i would be making sure i had a very strong - unique password for my apple ID - especially if they are repeatedly trying to hack your apple ID

then again it could be from some login issues - multiple macs iOS devices with the wrong logins ?
 
The "second factor" is not why the account is getting locked. It gets locked because there are unsuccessful password attempts (first factor). Whoever it is will not get to the second factor at all unless they get the first factor correct.

As to SMS... unless the person who knows your email address (and guesses the password) also knows your phone number AND can successfully take over your telephone account in order to intercept those SMS messages, SMS is not the real problem.

To solve your problem, change the email you use for your Apple ID. https://support.apple.com/HT202667

Maybe there's someone who is trying to get into your account. It's also possible this is all an accident - your email address is similar to someone else's, and they are mis-remembering/mis-typing their own address.
 
ApfelKuchen said:
The "second factor" is not why the account is getting locked. It gets locked because there are unsuccessful password attempts (first factor). Whoever it is will not get to the second factor at all unless they get the first factor correct.

As to SMS... unless the person who knows your email address (and guesses the password) also knows your phone number AND can successfully take over your telephone account in order to intercept those SMS messages, SMS is not the real problem.

To solve your problem, change the email you use for your Apple ID. https://support.apple.com/HT202667

Maybe there's someone who is trying to get into your account. It's also possible this is all an accident - your email address is similar to someone else's, and they are mis-remembering/mis-typing their own address.
Click to expand...
That is a good point on the possible closeness of Apple ID's. I have an iCloud alias that is the same address as another person's Apple ID save the single period I use in the name.
 
Well, if nothing else I turned on so-called “second factor” and have had no issues since. I don’t think it lets you log in with JUST SMS so it shouldn’t be any less secure, hopefully...

glad I’m not having issues as it was pissming my off, and would be even more annoying now that I have an AppleTV.
 
Wolfpup said:
Well, if nothing else I turned on so-called “second factor” and have had no issues since. I don’t think it lets you log in with JUST SMS so it shouldn’t be any less secure, hopefully...

glad I’m not having issues as it was pissming my off, and would be even more annoying now that I have an AppleTV.
Click to expand...
SMS being used as the 2nd factor is optional, and less secure -- and generally not a good idea unless you don't have a trusted device and need to send the code to a different device via SMS.

Normally, two factor authentication pushes the code directly to all your trusted devices, not via SMS. You can send an SMS code to one of your trusted phone numbers, but that is only an option if you don't have a trusted device with you (you can also choose to get a phone call to your trusted phone number).
 
Cmd-Z said:
SMS being used as the 2nd factor is optional, and less secure -- and generally not a good idea unless you don't have a trusted device and need to send the code to a different device via SMS.

Normally, two factor authentication pushes the code directly to all your trusted devices, not via SMS. You can send an SMS code to one of your trusted phone numbers, but that is only an option if you don't have a trusted device with you (you can also choose to get a phone call to your trusted phone number).
Click to expand...

It’s not optional. There’s no way to turn off insecure stuff like sms. I guess it doesn’t really decrease security though as I think you still need the password. (I hope...)
 
Wolfpup said:
It’s not optional. There’s no way to turn off insecure stuff like sms. I guess it doesn’t really decrease security though as I think you still need the password. (I hope...)
Click to expand...
Maybe there's a misunderstanding. From the perspective of the legitimate user, using SMS is optional ... the verification is normally pushed directly to the device, not via SMS (unless you choose to receive it that way).

Is your concern that someone trying to hack into your account could make this choice and have the code sent via SMS, and then intercept it? They would have to know your Apple ID password, and the phone number designated as a trusted number, and have the technical capability to intercept SMS messages to that number. Pretty tall order ...
 
Cmd-Z said:
Maybe there's a misunderstanding. From the perspective of the legitimate user, using SMS is optional ... the verification is normally pushed directly to the device, not via SMS (unless you choose to receive it that way).

Is your concern that someone trying to hack into your account could make this choice and have the code sent via SMS, and then intercept it? They would have to know your Apple ID password, and the phone number designated as a trusted number, and have the technical capability to intercept SMS messages to that number. Pretty tall order ...
Click to expand...

well sms is totally insecure, but so long as they also require a password, it shouldn’t make the whole system less secure, unless it allows you to bypass the password.

And it’s not optional with Apple (nor most companies unfortunately). It can’t be disabled and gives you the option every time to use it.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back