Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iphonefreak450

macrumors 6502a
Original poster
Dec 14, 2014
572
105
I’m wondering if what would happen if my iPhone is lost, stolen, or even suddenly dies and I can’t login to my Apple accounts because I wouldn’t have the phone with me to receive the verification codes?

What happens then?

Any advice?

I DID NOT lose my phone and my phone is with me. But I’m just planning on how to access my Apple accounts in case I don’t have my iPhone with me.

Also, what happens if I get a new SIM card with a new phone number? Will I need to first login to my Apple accounts first by receiving the verification codes from the current SIM card number and then add the new number under my Apple ID account settings under the Two Factor Authentication section and once that’s done, then I can safely remove the previous old number?
 
  • Like
Reactions: compwiz1202

Shirasaki

macrumors G5
May 16, 2015
13,940
8,540
Well, sadly there’s no option to not have 2FA enabled anymore.
All you can do is either get a second apple device capable of receiving code with you, or get a backup phone that can at least receive text message. 2FA design clearly has no regard on what user Should do if they only have one apple device and don’t want someone else share necessary 2FA info.
 

now i see it

macrumors G3
Jan 2, 2002
9,758
19,652
I’m wondering if what would happen if my iPhone is lost, stolen, or even suddenly dies and I can’t login to my Apple accounts because I wouldn’t have the phone with me to receive the verification codes?

What happens then?

If you lose your 2FA verification iPhone — you’re royally screwed.

You’ll need to get another phone (Android is fine) that can receive texts AND you’ll have to get another SIM with your phone number - by contacting your cell provider.
Yeah - 2FA is a disaster in the making if you lose your main phone.

Everybody should have a spare old iPhone in a drawer because what if your main phone suddenly stops working?
 

iphonefreak450

macrumors 6502a
Original poster
Dec 14, 2014
572
105
It worked 👍👍👍👍👍
Thanks so much.

As for switching SIM cards with a new number, ALWAYS use the current SIM number when signing into Apple account, that way the codes can be used from the current SIM number BEFORE adding the new number under the Apple account two factor authentication settings.
 
Last edited:

okkibs

macrumors regular
Sep 17, 2022
140
105
No need to be scared about being locked out of your account when you do your homework ahead of time.
Although realistically, who still has a landline nowadays, or multiple phone numbers? I have one mobile phone number and that's it. My house doesn't even have the old analogue phone infrastructure connected, and if I wanted a landline number I'd have to pay extra for a VoIP number from the ISP just so that I can get robocalled? I'll pass.

Can I enter my wife's number? She has hers already registered for her own Apple account. I assume it would work regardless. But again, many people these days have a single phone number and unless they have a family member they trust with it, they won't have an additional number to add.

For work I was provided a yubikey, for banking chipTAN and for virtually everything else TOTP/HOTP codes are used. Apple is in fact the only account I have where it sends me a code to my phone.

Keep in mind the only reason I even have a phone number these days is so that the phone has internet access. For actually talking on the phone these days I use facetime and signal. I haven't received a regular text message that was anything other than a verification code in years. I guess it's still required in order to be able to make 911 calls.

At home my phone's on airplane mode entirely just with Wifi enabled...

I understand Apple isn't going to raise its security bar to the chipTAN level of my bank, but if offline generated OTP codes are plenty to use Paypal with, then why isn't it good enough for Apple?

The one drawback TOTP/HOTP has is that the codes aren't bound to a specific interaction/transaction. That is the main reason they can't be used for banking as authentication codes need to be generated for and bound to a specific interaction. But Apple isn't a bank, so I can't imagine what their issue is.
 

Shirasaki

macrumors G5
May 16, 2015
13,940
8,540
I wish Apple would be able to add email option for receiving the codes as well.
There are people out there saying sms/email 2FA code option should not be allowed. And given how easy it is to spoof an email account to intercept 2FA (probably just as easy as sms tbf), I don’t think Apple will add email as 2FA option later.

The problem of mass rolling out 2FA app only means one must have a smartphone. I know it sounds crazy but not everyone need a smartphone.
 

iphonefreak450

macrumors 6502a
Original poster
Dec 14, 2014
572
105
So suppose I have a new SIM card with a new number, then I should leave in my current SIM card in the phone when signing into my Apple account in order to receive the code from the current SIM card and once signed into my Apple account, then I can add the new number under Add Trusted Number. After that process is completed, then it’s safe to take out the old SIM card and insert the new SIM card?
 

jaytv111

macrumors 6502a
Oct 25, 2007
784
554
So suppose I have a new SIM card with a new number, then I should leave in my current SIM card in the phone when signing into my Apple account in order to receive the code from the current SIM card and once signed into my Apple account, then I can add the new number under Add Trusted Number. After that process is completed, then it’s safe to take out the old SIM card and insert the new SIM card?
1) You need your trusted number to be able to sign in with 2FA.

2) You need to be signed in to change your 2FA trusted number

3) You don’t need to sign in and sign out to change numbers, once signed in you stay signed in, you can easily pop out the SIM card and add numbers and delete the old numbers.

4) This is a bit easier if you had 2 or more Apple devices, because you can do 2 factor without even having the phone number at all, if you had an iPad or Mac signed into iCloud you can enable signing into a new iPhone with the iPad. I understand not everyone wants 2 or more Apple devices but it’s just a little nicety to not have to worry too much about Apple ID.

5) Probably goes without saying you need to protect your SIM card with a PIN as well. Otherwise people can use all your 2-factor if they stole your phone and sign in on your account and it’s a mess if you don’t have a PIN set. Or use eSIM because they can’t pop an eSIM out and put it into another phone.

Also please read Apple support pages thoroughly: https://support.apple.com/en-us/HT204915

You never know if forum members have wrong information (even me!)
 
  • Like
Reactions: kitKAC

okkibs

macrumors regular
Sep 17, 2022
140
105
The problem of mass rolling out 2FA app only means one must have a smartphone. I know it sounds crazy but not everyone need a smartphone.
Nothing stops Apple from using TOTP/HOTP that has apps for every desktop OS, and nothing stops Apple from making their own desktop OS app if they really must tie each OTP to a specific action/transaction. Not everyone has a smartphone but it is extremely unlikely that someone who is in possession of an Apple account does not also have a computer. One of my banks for example does offer a desktop app for people without a smartphone.

We're talking about Apple here, surely programming a tiny 2FA app for iOS, Android as well as MacOS and Windows can't be an issue. And I see no reason why they couldn't use the existing standard instead of rolling out their own apps. They aren't a bank after all.
 

Shirasaki

macrumors G5
May 16, 2015
13,940
8,540
Nothing stops Apple from using TOTP/HOTP that has apps for every desktop OS, and nothing stops Apple from making their own desktop OS app if they really must tie each OTP to a specific action/transaction. Not everyone has a smartphone but it is extremely unlikely that someone who is in possession of an Apple account does not also have a computer. One of my banks for example does offer a desktop app for people without a smartphone.

We're talking about Apple here, surely programming a tiny 2FA app for iOS, Android as well as MacOS and Windows can't be an issue. And I see no reason why they couldn't use the existing standard instead of rolling out their own apps. They aren't a bank after all.
However unlikely you think "someone who is in possession of an Apple account does not also have a computer", there are folks whose daily job has nothing to do with computers or iPad for that matter. An iPhone, and that's everything. So, what do those folks need to do if he/she wants to use Apple devices if SMS option is no longer there? Buy an iPad to receive 2FA code? Get a cheap phone?

Programming isn't the major concern. The major concern is to cover the largest customer base possible when rolling out mandatory security features like 2FA. SMS fits this role because the number of people who don't even have a phone is so negligible it doesn't matter. But smartphone is another matter, same for the computer, which will limit 2FA user base unnecessarily if it is restricted to app only. Yes, Apple is not a bank, but no, Apple device is popular enough and powerful enough that app-only 2FA is not really viable for the time being.
 
  • Like
Reactions: compwiz1202

haplain

macrumors regular
May 18, 2011
106
42
2FA is a blessing and a curse. I know someone who got their sim hacked/copied and 2FA almost made things easier when their sim was cloned.
 
  • Like
Reactions: compwiz1202

Shirasaki

macrumors G5
May 16, 2015
13,940
8,540
2FA is a blessing and a curse. I know someone who got their sim hacked/copied and 2FA almost made things easier when their sim was cloned.
A well-implemented 2FA can help halt account hacking. Unfortunately, such 2FA either requires account owner to have a special SmartKey, possess spare devices for 2FA code, or a combination of those. Maybe even a vein scan. And for the general public, following the lowest denominator principle, SMS/backup number is the most acceptable method to send that code, outside of email.

Heck, Google's "Tap Yes on device" never works for me, despite owning multiple Apple devices. At least SMS is an option.
 

KOTN91

macrumors 6502a
Nov 23, 2017
552
398
I’m wondering if what would happen if my iPhone is lost, stolen, or even suddenly dies and I can’t login to my Apple accounts because I wouldn’t have the phone with me to receive the verification codes?

What happens then?

Any advice?

I DID NOT lose my phone and my phone is with me. But I’m just planning on how to access my Apple accounts in case I don’t have my iPhone with me.

Also, what happens if I get a new SIM card with a new phone number? Will I need to first login to my Apple accounts first by receiving the verification codes from the current SIM card number and then add the new number under my Apple ID account settings under the Two Factor Authentication section and once that’s done, then I can safely remove the previous old number?
Exactly. 2FA is the height of folly. What do you do if you lose your phone that you need to find, oh I know let’s send a message to the lost device, which by definition you don’t have on you. Utter stupidity

I actually made a thread about this last year after losing my phone (thankfully I don’t have 2FA enabled) saying how screwed I would have been had I signed up for 2FA. Of course that didn’t go down very well with the usual “Apple can do no wrong” brigade
 

compwiz1202

macrumors 603
May 20, 2010
5,264
3,374
I wish Apple would be able to add email option for receiving the codes as well.
The other thing is can you change the default to SMS? I still have my SE at home but it's not on a plan so I don't take it everywhere. Would be easier to just get the text than tapping can't get a code and then text. And why do they use the six boxes? Only the first digit autofills. I'm to the point where I tap the code and then type the last five digits
 

compwiz1202

macrumors 603
May 20, 2010
5,264
3,374
Exactly. 2FA is the height of folly. What do you do if you lose your phone that you need to find, oh I know let’s send a message to the lost device, which by definition you don’t have on you. Utter stupidity

I actually made a thread about this last year after losing my phone (thankfully I don’t have 2FA enabled) saying how screwed I would have been had I signed up for 2FA. Of course that didn’t go down very well with the usual “Apple can do no wrong” brigade
Yea I don't understand why you can't disable 2FA if you still have the ability to verify
 

mrochester

macrumors 68040
Feb 8, 2009
3,487
1,487
Exactly. 2FA is the height of folly. What do you do if you lose your phone that you need to find, oh I know let’s send a message to the lost device, which by definition you don’t have on you. Utter stupidity

I actually made a thread about this last year after losing my phone (thankfully I don’t have 2FA enabled) saying how screwed I would have been had I signed up for 2FA. Of course that didn’t go down very well with the usual “Apple can do no wrong” brigade
Don’t forget you can add multiple trusted numbers to your Apple account so that you can ask for the code to be sent another number in this very situation.
 

Shirasaki

macrumors G5
May 16, 2015
13,940
8,540
Don’t forget you can add multiple trusted numbers to your Apple account so that you can ask for the code to be sent another number in this very situation.
Well, if I actually trust so many people that I am comfortable to hand over my account access to them (not quite but you get the gist), I might as well disclose everything I have on those accounts to them at that point.

Even your partner can backstab you, or yourself. Yes, you heard that right.
 

FreakinEurekan

macrumors 68040
Sep 8, 2011
3,835
934
Eureka Springs, Arkansas
The other thing is can you change the default to SMS? I still have my SE at home but it's not on a plan so I don't take it everywhere. Would be easier to just get the text than tapping can't get a code and then text. And why do they use the six boxes? Only the first digit autofills. I'm to the point where I tap the code and then type the last five digits
If your SE is a “Trusted Device” it will provide 2FA codes without cellular service. Codes come from either a trusted phone number, or a trusted device.
 

okkibs

macrumors regular
Sep 17, 2022
140
105
app-only 2FA is not really viable for the time being.
...except I've never said Apple should do app-only 2FA. What stops Apple from offering an additional method? Again, I don't have a landline I could use as an additional number, and if my phone gets stolen I'd have to wait at least until I get the replacement SIM card. Which would be only a couple of days, except just getting the request to customer support now takes longer since "we are experiencing an unusually high...." that seems to be the default since the start of the pandemic.

I actually made a thread about this last year after losing my phone (thankfully I don’t have 2FA enabled) saying how screwed I would have been had I signed up for 2FA. Of course that didn’t go down very well with the usual “Apple can do no wrong” brigade
To be fair -and I'd be in the same boat as you if I were to lose my phone- you wouldn't actually be screwed. You buy a new iPhone, they can be activated without a SIM card present, then you wait for a replacement SIM card to arrive and you're good to go.

If for whatever reason you could not get a replacement SIM card at all, then you'd indeed be screwed except you'd already have a way bigger problem that is losing your phone number that you might have had for a decade or longer. In that case you should really fix that first, by switching providers for example, that's really not on Apple.

And if you rely on Apple services in a way where you can't be without functional 2FA for a few days -which I can't imagine, but I am sure there is a usecase for that I am not aware of- perhaps due to business reasons, then you absolutely should find a plan b before this actually happens and it costs your business money. And if that means you gotta keep a second contract and phone in a drawer just in case, then that's a required business expense.

I honestly don't see how you'd be so screwed, what would be the problem? But I did say that I'd prefer if we get additional app 2FA options, Apple is literally the only service where I have my phone number connected for 2FA. I don't even need it for a bank account.
 

mrochester

macrumors 68040
Feb 8, 2009
3,487
1,487
Well, if I actually trust so many people that I am comfortable to hand over my account access to them (not quite but you get the gist), I might as well disclose everything I have on those accounts to them at that point.

Even your partner can backstab you, or yourself. Yes, you heard that right.
I can’t help you with trust issues, sorry. But the tools are there to allow you to mitigate against the issue described.
 
  • Like
Reactions: kitKAC
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.