New Apple ID Sign-In Options: Phone Number on File or Trusted Device

[MacRumors]

The upcoming iOS 17, iPadOS 17, and macOS Sonoma updates for the iPhone, iPad, and Mac include a couple of new sign-in methods for an Apple ID account.

First, it is now possible to sign into an Apple ID with any phone number or secondary email address on file with the account. We were able to sign into an Apple ID with a phone number on the Apple ID website using a Mac running macOS Ventura, so it's unclear if this feature specifically requires the new software updates or is simply a backend change.

Second, starting with an iOS 17 update coming later this year, there will be a new Apple ID proximity sign-in feature. This will allow you to bring an existing signed-in and trusted iPhone or iPad into proximity with a new device being set up, pair the devices by scanning an on-screen "particle cloud," and complete sign-in automatically.

iOS 17, iPadOS 17, and macOS Sonoma also added passkey support to Apple IDs.

Apple announced that iOS 17 and iPadOS 17 will be released on Monday, September 18, while macOS Sonoma launches Tuesday, September 26.

Article Link: New Apple ID Sign-In Options: Phone Number on File or Trusted Device

 

[MallardDuck]

Oh this is going to end well.

SIM hijacking.
Reused numbers that were never released by the previous owner.

Phone number, like SSN, is NOT a valid identifier.

 

[BenGoren]

It’s the fundamental dilemma of security. You want to make it invisible to legitimate people but impenetrable to others.

I can easily imagine being grateful for being able to sign in with a device. I can also easily imagine somebody getting hacked as a result.

There isn’t a good answer. For example … you might think that it would be a good idea for Apple to offer an option to enable or disable this. But there will still be cases where the option is in the worng state — somebody regrets enabling it, somebody else regrets disabling it.

Ultimately … life is imperfect.

b&

 

[Skyscraperfan]

From a privacy perspective it is a problem that you need a phone number for an Apple ID. Why doesn't it work with an email address? A phone number is very sensitive information.

 

[killawat]

Really don't like this one. Apple why get us killer auth with Yubikey and then make our accounts easier to compromise with phone number?

 

[Natas1000]

Can we merge icloud accounts yet?

 

[Brad7]

I thought they would push for passkey over phone number of all things.

 

[Carlson-online]

This has already been live on the apple site for over a month.

 

[Apple_Robert]

I just logged in and didn't see any of those options although I do have my account secured with Yubikey.

 

[alexandr]

Oh this is going to end well.

SIM hijacking.
Reused numbers that were never released by the previous owner.

Phone number, like SSN, is NOT a valid identifier.

But your Apple ID is?..

 

[6787872]

apple has the most poorly implemented mfa i've ever seen

 

[HowEver]

apple has the most poorly implemented mfa i've ever seen

Were you hacked?

No?

 

[jonnysods]

I really wish they would allow OTPs, I do not like using a phone number as a second authentication factor.

 

[fwmireault]

I think some people are confused by the wording here. This is not SMS 2FA, nor is that a replacement to Yubikey or the classical Apple OTP authentification with a code sent to known Apple devices. It’s not even a replacement to passkey. This only means that you can enter your phone number as the ID. You still need to provide a password and to do the same 2steps authentification as usual.

Many Apple IDs are not a very private information anyway as it is often the primary email address of an user, so providing more possible "username" options is not making it less secure

 

[6787872]

Were you hacked?

No?

yes, actually.

try again.

 

[steve333]

I just wish Apple would stop trying to trick us into using 2 factor authentication
If we want it, we'll choose it. I don't want that red mark on my system settings icon on all the time for no reason.

 

[SilverWalker]

yes, actually.

try again.

Sorry to hear that.
Can you tell us what/how it happened?

 

[jimthing]

And if you're one of the millions still forced to use two separate A-IDs (one for iCloud, one for Stores); which A-ID does it 'decide' to log you in to?

 

[HowEver]

Sorry to hear that.
Can you tell us what/how it happened?

Seriously we would like to know how it happened.

 

[Shirasaki]

Trusted device. Oh yeah that 6-digit passcode thingy gonna carry even more weight.
Mind you guys the new assistive access mode thing requires you to give up alphanumeric passcode to access.
Apple really has lots of confidence in making sure their customer info is not leaked to third parties and hackers.
What’s going to happen next? SSN? Government ID? Passport number?

 

[svish]

Good to see login with phone number as an option

 

[MilaM]

I don't like how Apple is weakening the security of the AppleID more and more.

 

[fwmireault]

I don't like how Apple is weakening the security of the AppleID more and more.

How so?

 

[MilaM]

How so?

First the issue that trusted devices can change your AppleID/iCloud password only using your device passcode (6 digits). Now the possibility to sign-in using just an SMS code or a code sent by email.

It's very convenient, I get it. But some users maybe need or want better security.

I think this is going to lead to more account takeovers in the future by scammers.

 

[fwmireault]

First the issue that trusted devices can change your AppleID/iCloud password only using your device passcode (6 digits). Now the possibility to sign-in using just an SMS code or a code sent by email.

The first issue is indeed concerning and I wish Apple would fix it. But the new feature with the phone number is not a password or multiple factor authentification replacement. It just means that you can provide your phone number as your Apple username rather than the primary email. Your primary email is most likely not a private information anyway, so even if someone knows your phone number, they still need a password, a six digits code from a trusted device, or a Yubikey to log in