AppleID Two-factor Authentification with Email address

Solution 1:

Yes, you can login with your AppleID using any trusted device without having access to your phone number.

The first time you login with your AppleID using an iPhone, iPad, iPod Touch or Mac, you'll be asked if you want to trust the device. This saves data on the device that allows you to login again without having to your phone number at all.

When you need to login with your AppleID you can use any of the trusted devices to generate the necessary six-digit verification code. So if you're logging on to a new, untrusted device, you can use the code shown on your Mac, iPad or another device as verification. You do not have to use your phone number at all.

The trusted phone number is only used if you cannot access of your trusted devices. You can potentially use a VoIP phone number as the trusted phone number (make sure to check that the specific VoIP service works for this purpose), if you having problem carrying your ordinary number with you when you travel. However, normally it is not problem taking your cell phone and phone services to other countries.

Regarding your frustration with "why not email": Only Apple can really know why Apple did what Apple did. However, the point of 2-factor authentication is to ensure that two different factors are used when authentication - these factors are commonly named "something you know", "something you have" and "something you are".

For many people their email-account will be behind the same username and password as the AppleID they want to protect with 2FA - therefore using email is not a good idea there. In addition, quite a few will have their email protected by only a username and a password - which similar to your AppleID username and password is "something you know" - which means that you then only have 1-factor authentication.

You could easily argue that Apple should support other methods for the second factor - such as for example TOTP tokens. However, we cannot know why Apple has chosen not to do so. It is really speculation at that point.

Solution 2:

Keep in mind SMS is a fallback from trusted device push notifications. You don’t even need an SMS message unless you can not / do not choose to have trusted devices with you that use network based Apple push notification services (APNS).

  1. Go all in on trusted devices if you can - avoid SMS entirely.
  2. Choose a dual sim phone if you can so you can layer both lines when you travel or add a short term number.
  3. Many carriers allow SMS to forward to a watch or iPad or computer so that the delivery is network based like the Apple trusted device notification path.
  4. Add your new number as a trusted phone number when you need that extra flexibility.
  • https://support.apple.com/en-us/HT204915

You don’t have to remove your primary or depend on SMS only would be my recommendation unless/until Apple adds new methods of verifying it’s you when you want to sign in to a service from abroad.