Double security (2FA) within Apple ecosystem

I found out that Apple has finally embraced One Time Passwords and integrated them into MacOS and iOS. I show how 2FA works and how it looks.

Two sides of a bridge symbolising the shared token by server and client. 

I found out that Apple has finally embraced One Time Passwords and integrated them into MacOS and iOS. So this article is interesting if you:

  1. Use a Mac and an iPhone together
  2. Use the Apple Keychain for passwords
  3. Sync via the cloud
  4. Have Safari as your default browser.

So this is a bit of an article for the fans. I also already apologize because the content here probably is outdated when the next update is done.

Apple doesn't advertise it much and I get that. With 2FA you add security but rarely ease of use. Also, the current flows are certainly not without bumps.

I wrote another article about what Two Factor Authentication and One Time Passwords are, and why they are important. The process consists of two steps: creating a token once, and later entering codes in a browser or app.

Set up per account

To use 2FA and the codes, you first request a token. When you request the token it is stored and activated by an initial entry of the One Time Password (probably a six digit code).

You can handle everything on the phone or on the computer, or you can let them work together. The latter is kind of easy. I took a Google Account as an example.

There you go to the settings and look under security for Two Factor Authentication. You indicate that you have an app and then you can start. A QR tag appears that you just scan with your camera:

Scanning QR-tag with iPhone for native 2FA

Clicking it opens your password repository with Google accounts and you manually link the request to the correct account. When you only have one account it is even easier.

Connect 2FA token to account in Apple password manager.

Then you confirm the link by typing the first code and then 2FA is set. The settings will be backed up in iCloud and shared between MacOS and iOS.

Entering codes when asked

An application occasionally asks for the One Time Password code. I'll briefly show how iOS and MacOS handle that request.

On the iPhone

After entering username and password, the code field appears. You choose the correct account and the code is entered. You can also choose to type it manually.

Native 2FA code entering on iPhone

On the Mac

On the computer, a dropdown appears if you have multiple accounts with 2FA. You choose the correct one and the code is entered.

Native 2FA code entering on Mac

Edge cases

Sometimes Safari or an app does not pick up the codes properly. In those cases you will need to open the passwords repository. There you can search for the account and you will see the code.

As an example, a generated code on the Mac for LinkedIn:

Screenshot from the password manager on the Mac showing 2FA codes for LinkedIn.