I found out that Apple has finally embraced One Time Passwords and integrated them into macOS and iOS. So this article is interesting if you:
- Use a Mac and an iPhone together
- Use the Apple Keychain for passwords
- Sync via the cloud
- Have Safari as your default browser
So this is a bit of an article for the fans. I also apologize in advance, because the content here will probably be outdated once the next update is released.
Apple doesn't advertise it much and I get that. With 2FA you add security but rarely ease of use. Also, the current flows are certainly not without bumps.
I wrote another article about what Two Factor Authentication and One Time Passwords are, and why they are important. The process consists of two steps: creating a token once, and later entering codes in the browser or an app.
Set up per account
To use 2FA and the codes, you first request a token. When you request the token, it is stored and then activated by an initial entry of the One Time Password (probably a six-digit code).
You can handle everything on the phone or on the computer, or you can let them work together. The latter is fairly easy. I took a Google Account as an example.
There you go to the settings and look under security for Two Factor Authentication. You indicate that you have an app and then you can start. A QR code appears that you just scan with your camera.
Clicking it opens your password repository with Google accounts and you manually link the request to the correct account. When you only have one account it is even easier.
Then you confirm the link by typing the first code, and then 2FA is set. The settings will be backed up in iCloud and shared between macOS and iOS.
Entering codes when asked
An application occasionally asks for the One Time Password code. I'll briefly show how iOS and macOS handle that request.
On the iPhone
After you enter your username and password, the code field appears. You choose the correct account and the code is entered. You can also choose to type it manually.
On the Mac
On the computer, a dropdown appears if you have multiple accounts with 2FA. You choose the correct one and the code is entered.
Sometimes Safari or an app does not pick up the codes properly. In those cases you will need to open the passwords repository. There you can search for the account and you will see the code.
As an example a generated code on the Mac for LinkedIn: