You can't remove 2 factor authentication after setting it now?!

[shankar2]

Hi so I want to remove 2 factor authentication for an account but I signed in to the appleid website and now there is no option to remove the 2 factor auth!

I read in an apple support doc that now in new setup if you have used 2 factor auth then it can't be removed anymore!

Is this true? My dad is very tired of this extra security and the security requests (for code) bothers him and I'm here trying to remove the auth feature. Why is Apple making it tough for old folks who use their phones?

 

[IndianBird]

Because they’d rather do them a solid and teach them that two factor authentication should be the norm.

 

[shankar2]

Here is the apple support article of Dec 7 2018:

https://support.apple.com/en-us/HT204915

And it says now:

====
Can I turn off two-factor authentication after I’ve turned it on?

If you already use two-factor authentication, you can no longer turn it off. Certain features in the latest versions of iOS and macOS require this extra level of security, which is designed to protect your information. If you recently updated your account, you can unenroll for two weeks. Just open your enrollment confirmation email and click the link to return to your previous security settings. Keep in mind, this makes your account less secure and means that you can't use features that require higher security.
====

Why so?

 

[Spoon!]

No, you can no longer turn this off. Apple has annoyingly removed this ability. I had to change my number recently, and it was a huge pain in the arse. Now I use a burner app for my Apple ID number so that if I need to change it, it won't be a hassle.

 

[oneMadRssn]

While I don't mind that it can't be turned off outright, I wish there was a way to temporarily disable it.

For example, if I am flying and paid for internet on the plane - it is usually limited to just one device. So if I try to login to icloud.com on my work windows machine, I cannot do the two-factor verification on my iPhone. They should allow a way to disable two-factor for 24hours or something.

 

[Spoon!]

While I don't mind that it can't be turned off outright, I wish there was a way to temporarily disable it.

For example, if I am flying and paid for internet on the plane - it is usually limited to just one device. So if I try to login to icloud.com on my work windows machine, I cannot do the two-factor verification on my iPhone. They should allow a way to disable two-factor for 24hours or something.

Or even better ... they just bring back the option to turn it off.

 

[shankar2]

Or they should get an app like Google's Authenticator... I talked to Apple support and they confirm this... if you have turned on 2 factor auth.. you can't remove it anymore! This is too much for old folks.

So if as said above, you don't have another trusted device (phone, macbook) to auth the 6 digit number, you are pretty much screwed if you are trying to setup your apple id on a new phone..
[doublepost=1546628659][/doublepost]

No, you can no longer turn this off. Apple has annoyingly removed this ability. I had to change my number recently, and it was a huge pain in the arse. Now I use a burner app for my Apple ID number so that if I need to change it, it won't be a hassle.

Hi what's this burner app you refer to?

 

[Shirasaki]

This is exactly why I refuse to turn on 2FA even after Apple trying to push me to enable several times. Just like iOS update, it is a one-way trip and no turning back.
To me, this level of “extra security” is almost a fallacy rather than actual “increased security”. Sure, losing password alone is no longer enough to steal your account. But a strong security question can also help. When your security question answer needs to be brute forced, you are probably fine.

 

[LizKat]

I don't see it as any more annoying than having to hold a screen door open while putting a house key into the lock of the main door... in other words, sure it's annoying, but so what, life is complicated in lots of little ways and we eventually manage to get over it all. I'm old but I can still manage to look at a phone or a laptop and punch in a code on the other device.

I'd rather do that than go through the bother of looking up in a password manager some made-up answer to a made up security question for God's sake. I hate those things, and the bother of trying to make sure they're all different for every door lock I have to get open...

How much longer we gotta pretend we're married?
SometimesBeingAJokerIsEntirelyPancakes
​

But of course a lot of places don't let people frame their own questions, and then they may answer the generic style questions truthfully, thus risking spread of more real data points about themselves all over the internet every time some site they use is hacked.

What was the name of your grammar school?
East Podunk Elementary School [oh, good one so she probably went to college]

What city did you live in when you were 14?
West Sycamore Flats [hah, maybe she didn't go to college after all]
​

No thanks, I'd rather copy six numbers Apple sends to some other device's screen. Once in awhile I have to ask it to send another set because I left every other device somewhere else. I tell myself it's good exercise... crucial to a long life.

 

[NoBoMac]

I'll be one of the odd ones out there in that 2FA has not been a hassle, and like the extra level of security.

Only time I get pinged on it is when I setup a new device or sign into appleid.apple.com.

Back when I had a Facebook account, had a ton of hackers trying to get in, but since random passcode there and 2FA turned on, just got nuisance emails saying "someone is trying to get in".

Since can provide a landline as a secondary "device", would need some serious issues that cannot get a code, and some very serious loss of other Apple devices to be a big issue, imo.

 

[MisterSavage]

I'll be one of the odd ones out there in that 2FA has not been a hassle, and like the extra level of security.

I'm right there with you. I was horrified when I read last year that less than 10% of Gmail accounts have 2FA enabled. I want it on everywhere I can get it.

 

[bbrks]

2FA is a great feature, but after Apple messed it up with my account (tel.no. where the verification code is supposed to be sent), I wasn't able to log in an use my Apple ID for several months. Apple support tried 3 times to ''unlock'' my account, without success. Only the forth time they were able to do it. So, after that bad experience, I will never use it again. And now it's even worse, as one is not able anymore to turn it off.

 

[cynics]

Being able to turn off 2FA breaks the security for the people 2FA protects the most. This is people that are generally susceptible to phishing scams and things like that. With so much data being accessible via iCloud there is just too much at stake. For example imagine the OP is a crook trying to access your computer illiterate parents AppleID. They would be a couple emails away turning it off. However with physical possession of a trusted device. Unless they con'd your parents (in this example) into mailing them a trusted device via the post there isn't anything they can do.

2FA is also essential to allow non trusted devices convenient access to secure data. For example unlocking the Mac with a Apple Watch wouldn't be a thing if you only needed a AppleID and password to add a device to an account.

It definitely has its inconveniences however however by taking things that are done less often (ex. adding a device to your account) things that are done more often (ex. securely signing into anything and staying signed in) can be simplified providing better security and more convenience. Ugh, remember security questions? Not only are they easily obtainable its tedious as all hell inputing them.

 

[C DM]

Being able to turn off 2FA breaks the security for the people 2FA protects the most. This is people that are generally susceptible to phishing scams and things like that.

Curious, what's the relationship between some who might want the option of being able to turn off something like 2FA and the same group being more susceptible to phishing, scams, etc.?

 

[cynics]

While I don't mind that it can't be turned off outright, I wish there was a way to temporarily disable it.

For example, if I am flying and paid for internet on the plane - it is usually limited to just one device. So if I try to login to icloud.com on my work windows machine, I cannot do the two-factor verification on my iPhone. They should allow a way to disable two-factor for 24hours or something.

With Windows I've been able to just share my wifi to my iPhone without a problem on flights. With MacOS its obviously not an issue since the Mac just needs to be a trusted device. However tethering from the phone to computers is an option too if your phone is the the device signed it.

[doublepost=1546716627][/doublepost]

Curious, what's the relationship between some who might want the option of being able to turn off something like 2FA and the same group being more susceptible to phishing, scams, etc.?

Someone that wants to turn off 2FA could be the person who has obtained your U/N and P/W through means of phishing.

I didn't mean to apply there is a correlation between the actual AppleID owner wanting to turn it off and them being susceptible to scams.

 

[Shark5150]

I'll be one of the odd ones out there in that 2FA has not been a hassle, and like the extra level of security.

Only time I get pinged on it is when I setup a new device or sign into appleid.apple.com.

Back when I had a Facebook account, had a ton of hackers trying to get in, but since random passcode there and 2FA turned on, just got nuisance emails saying "someone is trying to get in".

Since can provide a landline as a secondary "device", would need some serious issues that cannot get a code, and some very serious loss of other Apple devices to be a big issue, imo.

Me too

 

[zorinlynx]

Hi so I want to remove 2 factor authentication for an account but I signed in to the appleid website and now there is no option to remove the 2 factor auth!

I read in an apple support doc that now in new setup if you have used 2 factor auth then it can't be removed anymore!

Is this true? My dad is very tired of this extra security and the security requests (for code) bothers him and I'm here trying to remove the auth feature. Why is Apple making it tough for old folks who use their phones?

I'm curious; why is your dad signing in so often that the 2FA code requests would become a nuisance?

Once my devices are signed in they stay signed in. The only time I find myself having to enter 2FA codes is when I sign into iCloud from a browser after not doing so for a while.

 

[posguy99]

Curious, what's the relationship between some who might want the option of being able to turn off something like 2FA and the same group being more susceptible to phishing, scams, etc.?

Because they will turn it off and leave it off. Then whine when their account information gets exfiltrated.

Apple even has a process for you to get codes from an offline device. Of course people never read.

https://support.apple.com/en-us/HT204974

 

[zorinlynx]

Because they will turn it off and leave it off. Then whine when their account information gets exfiltrated.

Apple even has a process for you to get codes from an offline device. Of course people never read.

https://support.apple.com/en-us/HT204974

Huh, I just tested this by signing in with a browser, getting the code from my iPhone with airplane mode on. That's really cool! Good to know for the future.

 

[C DM]

Because they will turn it off and leave it off. Then whine when their account information gets exfiltrated.

Apple even has a process for you to get codes from an offline device. Of course people never read.

https://support.apple.com/en-us/HT204974

Seems like that's not what was being implied there.

That particular logic is flawed as it's based on some sort of generalized assumptions and therefore doesn't apply in many cases.

 

[Spoon!]

Hi what's this burner app you refer to?

It’s called “Burner” and it allows me to have a secondary number with unlimited texting and calling for 5 dollars a month. I also use it for temporary throwaway numbers.

 

[harriska2]

My son’s 2FA was totally screwed up. The only way to fix it was to log in via web and disable it. That fixed all his problems. Not sure I would enjoy calling Apple 4 times to get it fixed.

 

[IndianBird]

My son’s 2FA was totally screwed up. The only way to fix it was to log in via web and disable it. That fixed all his problems. Not sure I would enjoy calling Apple 4 times to get it fixed.

How was it totally screwed up?

 

[harriska2]

How was it totally screwed up?

It required constant log in of the Apple ID and wouldn’t sync across devices. One day it just up and decided not to work. I don’t think we did anything. We did upgrade to el cap but that was well before the fiasco started. It may have been the ipad getting upgraded to 11. Don’t know but it was a pain.

 

[bbrks]

It required constant log in of the Apple ID and wouldn’t sync across devices. One day it just up and decided not to work. I don’t think we did anything. We did upgrade to el cap but that was well before the fiasco started. It may have been the ipad getting upgraded to 11. Don’t know but it was a pain.

In my case, verification codes were suddenly sent to the wrong phone number. Obviously, from that moment on my Apple ID was dead.I couldn't sign in anywhere, no updates for almost 4 months and constant pop ups asking me to sign in. A real nightmare