Forced Two-Factor Authentication

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by Kagami190, Mar 30, 2017.

  1. Kagami190 macrumors member

    Joined:
    Aug 1, 2013
    #1
    Soooo.... interesting....

    I just recently started sharing purchases with my family via Family Sharing so in an effort to avoid having my contacts/calendars/pics combined with someone else I created a new iCloud account for myself.

    I signed out of the iTunes Apple ID from iCloud awhile back and I made the decision to create the Apple ID after updating the iOS to 10.3 (I know... I was going bare with no iCloud sync/backup cushion but if something had happened to the phone I would have taken responsibility)

    Anyway, I created a new @icloud.com Apple ID at the setup screen and immediately it asks me for my phone number, alerting me that I will enter a six digit code sent to this phone number to log into my Apple ID. There is no tiny "skip" link anywhere, just a "learn more" link. Because I don't see a way forward, I put in my phone number and resolved to turn it off later (I've accidentally turned it on in the past and have turned it right off because I find it annoying... though I understand the difference in security)

    I got to settings to turn it off and... there is no button for it! It says two-factor authentication is on but it's greyed out and I can't turn it off!

    So I log onto applied.apple.com with my computer (a MacBook Air) and sign into my new account with two factor authentication. I navigate to security and under two-factor authentication ... there is no option to turn off!!

    I think Apple has started to not just strongly suggest two-factor authentication but (with new accounts) forcing it on with no option to turn it off!! I've been meaning to call AppleCare to get them to look into it but for now it's just a minor inconvenience. Still sucks though :(
     
  2. Closingracer macrumors 68020

    Joined:
    Jul 13, 2010
    #2
    They turned it on my phone when I updated to the latest OS.... Took a while to turn it off....
     
  3. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #3
    They typically offer to enable it during the upgrade process, but there's an option to decline that.
     
  4. Kagami190 thread starter macrumors member

    Joined:
    Aug 1, 2013
    #4
    I hear what you're saying, and I know what you're saying to also be true. I have declined that option myself many times after an upgrade.

    This however seems specific to me having created the account on the device itself after the 10.3 update. There is legitimately no way for me to turn off two-factor authentication. Not even on appleid.apple.com - the turn off feature is gone. Just a "learn more" link
     

    Attached Files:

  5. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #5
    Sounds like you might want to contact Apple about it.
     
  6. Kagami190 thread starter macrumors member

    Joined:
    Aug 1, 2013
    #6
    Lol thanks for that suggestion.

    I plan to do so! I'll report back once I actually take the time to call.
     
  7. Erdbeertorte, Mar 31, 2017
    Last edited: Mar 31, 2017

    Erdbeertorte macrumors demi-goddess

    Joined:
    May 20, 2015
    #7
    That's strange. I can still turn it off here on my Mac in Safari and Firefox: https://appleid.apple.com/account/manage

    I have iOS 10.3.2 Beta and macOS 10.12.5 Beta installed on all devices and already turned it off a few weeks ago for a while when I still was on iOS 10.3 Beta and macOS 10.12.4 Beta.


    Screen Shot 2017-04-01 at 07.15.23.png
    Screen Shot 2017-04-01 at 07.22.20.png


    Edit:

    Also no problems turning it off in Safari on my iPhone:

    2017-04-01 07.30.37.png
     
  8. bopajuice macrumors 6502a

    bopajuice

    Joined:
    Mar 22, 2016
    #8
    Excuse me for asking but why is two factor authentication even needed? Forgetting your password sounds more like an excuse to obtain your phone number. Several sites or accounts I have used have asked me to add a phone number. I don't do it.

    Just another piece of my personal information to add to someone's database.
     
  9. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #9
    That's not quite what 2-factor authentication is: https://support.apple.com/en-us/HT204915
     
  10. LizKat macrumors 68040

    LizKat

    Joined:
    Aug 5, 2004
    Location:
    Catskill Mountains
    #10
    My problem with this stuff is it's not invariably made clear at the (sometimes unexpected) time a sign-in to "your Apple ID" is requested, which one is needed-- for those who have one for iTunes / iBookstore / Apple Music use, and a separate one for iCloud and cloud related apps like Notes or Mail etc.

    I read that support document about 2FA at https://support.apple.com/en-us/HT204915 and it doesn't say anything about what to do if you have more than one Apple ID. I have occasionally "guessed wrong" about which ID to supply after an update to some mobile device or laptop and gotten a whole raft of error messages about how my ID is invalid or it can't find my data etc etc. Now with 2FA if I mess up after an upgrade, it sounds like I'll have even more ways to go astray. I wonder if I'll end up with a whole bunch of expensive bricks and two dead Apple IDs. And I wonder how to keep that from happening. For the moment my solution is skip the upgrade.
     
  11. Kagami190, Apr 3, 2017
    Last edited: Apr 3, 2017

    Kagami190 thread starter macrumors member

    Joined:
    Aug 1, 2013
    #11
    Update:

    So I called AppleCare and they had a "senior advisor" look at it. He didn't know the answer at first but called me back the next day.

    It seems my theory was correct.
    Apple IDs that are created on a 10.3 device or higher will have two-factor enabled with no option to turn it off.

    The Rep advised that if I wanted a non-two factor appleID that I would simply need to create the Apple ID outside of the os environment (IE: instead of the menus and settings of iOS/macOS , through the Apple ID/iCloud site itself) I noticed that this meant any @icloud.com Apple ID henceforth created anew by anyone on an Apple device would be forced into 2-factor.

    There's the answer. As for me, I started a separate gmail account and set up a non two-factor ID for my iCloud (the turn off/on link is there now)

    To recap:

    If you have an already created Apple ID, you can still opt out of two factor and nothing changes

    If you CREATE a NEW Apple ID within iOS with 10.3 or higher, Apple tells me two-factor is not negotiable any longer and it will automatically be turned on without option to turn off.

    EDIT:

    Apples support article at https://support.apple.com/en-us/HT204915 seems privy to this info (why I didn't look before I don't know) it seems to be the same case with the newest 10.12.4 Sierra update too. Doesn't mention not being able to turn it off though...

    "Some Apple IDs created in iOS 10.3 or macOS 10.12.4 and later are protected with two-factor authentication by default. In this case, you see that two-factor authentication is already turned on."
     
  12. Primejimbo, Apr 3, 2017
    Last edited: Apr 3, 2017

    Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #12
    What's the big deal about have 2 factor authentication on? It's a very slight pain when getting a new device, but once set up, you don't have to worry about it anymore. I just don't get it at all.
    Yeah, do some research...
    So you don't want extra security on email that's connected to your bank account? You don't want extra security in other important on-line accounts?

    Here is some info:
    http://wtop.com/news/2014/08/column-what-is-2-step-verification-and-how-do-i-use-it/

    Info about Apple's 2 factor authentication:
    https://support.apple.com/en-us/HT204915
     
  13. Kagami190 thread starter macrumors member

    Joined:
    Aug 1, 2013
    #13
    Not sure about others, but I definitely agree that two-factor is all around a good thing. I'm just concerned if I ever lose one of my trusted devices/phone number. I've had to do two-factor account recovery before and it's horrible and took two months almost.

    I'm very self-aware though. Right now it's a terrible inconvenience but I'm sure once the rest of the consumer tech world adopts it, it'll be just another password thing in a few years. I'd just like the option to be held responsible for my own security

    That's probably what all this is about anyway. With celebrities and the like getting their iCloud hacked (or more accurately; passwords guessed) all apple can do to protect their reputation is to force it on all their dumb customers who don't think they need it. But... that comes off really crappy in my opinion
     
  14. LizKat macrumors 68040

    LizKat

    Joined:
    Aug 5, 2004
    Location:
    Catskill Mountains
    #14
    Living in a dead zone for cellular signals, all this stuff about getting a texted 2FA code would be a pain in the neck -- so I may pick my landline instead, for a phone call to get the code. But then sometime I'll be elsewhere and have to hope my answering machine pickup on remote will have what I need? I hestitate to specify my iPhone and then have to rely on WiFi calling working fine when I have to use it to get a code off a text to the iPhone in my residential dead zone.

    I dunno. I'm sure it would work fine for people with "normal" cell service and reliable internet connections. In the boondocks, with DSL that sometimes takes a hike when the wind blows or it rains... I'm not looking forward to this "enhancement." Nonetheless I read up on the latest update and want to apply it so... guess I'm up for the experience of two factor authentication after all.
     
  15. Primejimbo, Apr 4, 2017
    Last edited: Apr 4, 2017

    Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #15
    at least you were able to recover it. The 1st version of Apple's 2SA, you were out of luck and had to start all over. How did you lose your phone number and trusted device? Don't most people lose their phone just get another one and use the same number, even if it's after a few days or weeks?


    You can set up an authenticator app so you don't need cell service. You don't even need cell service at all with these and I think I have 1 account that doesn't support it, Instagram. Even then I just needed it one time when I logged into the app and haven't needed it since. Facebook, gmail, hotmail/outlook, Dropbox, twitter, and others all support authenicators. Apple doesn't, but they have their own that you don't need cell service to use.

    Google Authenticator by Google, Inc.
    https://appsto.re/us/fdakx.i
     

Share This Page