Setting Up Automatic Two-Factor Code In Safari

Safari 15 allows you to save a key and get two-factor codes for Google and many other services. This allows you to not only fill in IDs and passwords for sites, but the two-factor verification code as well. No need to pull out your iPhone or use another app.

Comments: 17 Responses to “Setting Up Automatic Two-Factor Code In Safari”

    Eric
    2 years ago

    I think that Apple would need to provide an iOS/padOS app that could access (i.e. view/display) the content of a user's keychain items (iCloud sync'd) before I'd move away from the facilities provided by password managers. Perhaps there is one that I am not aware of.

    2 years ago

    Eric: But besides passwords, what else would you want to view on your iPhone? For instance, it doesn't do any good to examine certificates and other things KeyChaiin stores.

    Lali Raj
    2 years ago

    Gary Is it available if a MacBook has Safari 15 or one needs to have Big Sur Or Monterey OS?

    2 years ago

    Lali: I believe you need Big Sur or Monterey for this, and Safari 15 yes.

    Peter
    2 years ago

    IMO storing both passwords two-factor codes in the same place (Safari in this case) compromises security. Even more so when the settings that generate the codes are stored in iCloud. It’s the usual compromise between convenience and security - better than not using 2FA at all, but not as good as using a separate app or device to generate the code. Personally, I use a physical key that has to be plugged into my machine, and will only generate a code when touched.

    Wei
    2 years ago

    Gary, thank you for the great tip! This will save a ton of time for me. There is still one minor annoyance though: each time after the two-factor code is automatically entered, Safari still prompts me to "update the password", and I still have to press "cancel" instead of "update." Apparently it thinks the two-factor code is a new password. This seems to be a bug that should be fixed by Apple?

    2 years ago

    Peter: That's not the case. There are still two factors: your device passcode and physical access to the device. It is much much much better to use two-factor than to not. Absolutely. The malicious hacker on the other side of the world just doesn't stand a chance with two-factor. But without it all they need is to guess your password. Using a physical key is good, but note you are doing the same thing then -- physical access to that key would get them the second factor.

    2 years ago

    Wei: That is probably due to how the website is coded. I see that in one place I go to, but not any others.

    Eric
    2 years ago

    Gary: The other things that I would want to be able to view are secure notes. I am aware that the Notes app has this capability but sometimes it is just easier to have these items in one place.

    Chris J
    2 years ago

    If you use two factor authentication, why would you switch to a verification code? Is one more secure than the other?

    2 years ago

    Chris: They are the same thing. The "verification code" is the second factor.

    Peter
    2 years ago

    Thanks for your reply, Gary. I'm sorry, I don't understand why physical access to the device would be needed to generate the two factor code. In theory at least, couldn't a (very) sophisticated hacker gaining access to, for example, a user's iCloud backup of his/her Safari settings etc) obtain remote access to both the password and the two factor code generator? Why would the hacker need physical access to the user's device itself?

    2 years ago

    Peter: To gain access to your iCloud backup someone would need your iCloud password and the 2-factor code for iCloud. So they would need to have one of your devices and be signed in with your passcode to get that 2-factor code before they even got into your iCloud account. They need physical access because there is no way to get the 2-factor codes just on a website or other online system. They can't log in somewhere and get a code. They have to have a device that is tied to your account.

    Carl
    2 years ago

    In your example using Google I believe in order to have Safari input the authentication codes automatically you first need to set up the Google Authenticator app as the default and then "change" the method for signing in. Is this correct? I use Google prompts to my phone or iPad as the default. Also, does this sync to iCloud so you can use it on your iPhone and iPad as well as your Mac.

    2 years ago

    Carl: No, you never need to use the Authenticator app at all. But it is the same basic method. This does sync to iCloud, yes.

    Carl
    2 years ago

    Thanks but I don't see a "change" option. Listed in order I see "ADD PHONE", "SET UP" Authenticator app, "ADD SECURITY KEY" and "REVOKE ALL" I'm running Big Sur v 11.6 and Safari v 15.0.

    2 years ago

    Carl: I'm not sure what you are looking at, sorry. Do you mean on the Google site? Add Phone would probably take you there. But if not, try the others too.

Comments Closed.