Double security (2FA) within Apple Keychain

Apple has integrated Two-Factor Authentication (2FA) into macOS and iOS through Keychain. I explain how 2FA works and how it looks.

Two sides of a bridge symbolising the shared token by server and client. 

This article is for you if you want to improve and simplify your cybersecurity and you:

  1. Use a Mac and an iPhone together
  2. Use Apple Keychain for passwords
  3. Sync via the cloud
  4. Use Safari as your default browser

So this is a bit of an article for the fans. I also apologize in advance, because the content here will probably be outdated when the next update is done.

Apple doesn't advertise it much, and I get that. With 2FA you add security but rarely ease of use. Also, the current flows are certainly not without bumps.

I wrote another article about what Two-Factor Authentication is, and why it is important. The process consists of two steps: creating a token once, and later entering codes in the browser or app.

The set-up per account

To use 2FA and the codes, you first request a token. When you request the token, it is stored and activated by an initial entry of the One Time Password (probably a six-digit code).

You can handle everything on the phone or the computer, or let the two work together. The latter is fairly easy. I took a Google Account as an example.

There, you go to the settings and look under security for Two-Factor Authentication. You indicate that you have an app, and then you can start. A QR code appears that you scan with your camera:

Scanning QR code with iPhone for native 2FA

Clicking it opens your password repository with Google accounts, and you manually link the request to the correct account. When you only have one account, it is even easier.

Connect 2FA token to account in Apple password manager.

Then you confirm the link by typing the first code, and 2FA is set. The settings are backed up in iCloud and shared between macOS and iOS.

Entering codes when asked

An application occasionally asks for the One Time Password code. I'll briefly show how iOS and macOS handle that request.

On the iPhone

After you enter your username and password, the code field appears. You choose the correct account and the code is entered. You can also choose to type it manually.

Native 2FA code entering on iPhone

On the Mac

On the computer, a dropdown appears if you have multiple accounts with 2FA. You choose the correct one and the code is entered.

Native 2FA code entering on Mac

Keychain is my password manager of choice

Keychain does everything I need from a password manager. It safely stores passwords across devices, helps me generate new passwords and I can add 2FA in a seamless flow.

Also, I can exchange accounts easily with my partner by airdropping them when necessary.

A new development on the horizon is Passkeys, which might replace passwords altogether.
