How to add or remove a trusted phone number for your Apple ID two-factor authentication

In this tutorial, we’ll show you how to add a trusted phone number to your Apple ID for two-factor authentication (2FA) purposes. These steps will also help if you want to remove an existing phone number and stop it from receiving 2FA login codes.

Apple two-factor authentication code sent via text message

Most active Apple IDs have two-factor authentication turned on. This adds an extra level of security and helps keep your Apple ID, iCloud, and all its cloud data safe.

With two-factor authentication activated on your Apple ID, you will need to verify with a code sent to your trusted Apple devices or your phone number every time you want to log in to your Apple ID or iCloud on a new device or web browser.

This 2FA code is asked after you enter the correct Apple ID email address and password. As a result, in the rare event that someone knows your Apple ID password because you disclosed it unknowingly, or it appeared in a password breach, the two-factor authentication will still block the unauthorized person from logging in to your Apple account.

When your phone number is used for Apple ID two-factor authentication

Two-factor codes are not automatically sent to your mobile number because there are better and safer ways to do that than SMS.

Every time you try to log in from a new device, the 2FA code is sent to your other trusted Apple devices.

For instance, if I want to log in to my iCloud account in a web browser, an “Apple ID Sign In Requested” prompt is sent to my trusted iPhone, iPad, Apple Watch, and Mac. I can see the approximate location from where the sign-in is being attempted. And since I’m doing it, I can allow it, and then the six-digit code appears, which I have to use in the web browser to complete the sign-in. You can learn more about adding trusted devices to your Apple ID in our dedicated tutorial.

Apple ID Sign In Requested prompt on iPhone with six digit code

However, if you cannot receive the sign-in two-factor code on your trusted device for some reason, then the sign-in code is sent to your trusted mobile number. All you have to do is tap “Did not get a verification code?” and select “Use phone number” to get the code via text message or call.

Use phone number to get Apple ID login verification code

Add or remove mobile number for Apple ID two-factor authentication

1) Open the Settings app on your iPhone or iPad and tap your Apple ID name from the top of the screen.

2) Tap Sign-In & Security.

Tap your name and then tap Sign-In and Security in iPhone Settings

3) Select Two-Factor Authentication.

4) Tap Edit next to Trusted Phone Numbers.

Tap Two-Factor Authentication and tap Edit next to Trusted Phone Numbers

5) After that, you can add a new number or remove an existing one.

  • Add: Tap Add a Trusted Phone Number, enter your iPhone passcode, and tap Done. Now, type the new phone number, choose to verify using a text message or phone call, and tap Continue. Enter the one-time code you received to finish adding this mobile number as a trusted number for your Apple account.
Add a Trusted Phone Number for your Apple ID
  • Remove: Tap the red minus button button next to the phone number and hit Delete. Lastly, tap Remove, and Apple will no longer use this mobile number to verify your identity.
Remove a trusted phone number from your Apple ID

Tip: Apple advises you to consider verifying more than one phone number, such as a home phone or a number used by a family member or close friend. You can use these to sign in if you can’t access your own number.

2FA and SMS security

Unless all of your trusted devices are unavailable or offline, you’re advised to avoid having your 2FA verification code sent to your phone number via SMS or automated phone call. That’s because sending security codes through text messages has been proved to be vulnerable to hijack attacks and spoofing stemming from social engineering.

“SMS is just not the best way to do this,” warns security researcher and forensics expert Jonathan Zdziarski. “It’s depending on your mobile phone as a means of authentication in a way that can be socially engineered out of your control.”

SMS is the weakest link in two-step logins. For instance, a rogue party might call up your carrier and impersonate you to convince support to redirect your text messages to their SIM card.

Zdziarski explains:

SMS has turned that ‘something you have’ into ‘something they sent you.’ If that transaction is happening, it can be intercepted. And that means you’re potentially at some level of risk.

Besides, various authoritarian governments might be tempted to hijack the SMS messages that a political dissident might need to verify their identity with Apple’s 2FA system.

Check out next: How to secure your iPhone (17 tips)