You can also watch this video at YouTube (but with ads).
Setting Up Automatic Two-Factor Code In Safari
Comments: 17 Responses to “Setting Up Automatic Two-Factor Code In Safari”
I think that Apple would need to provide an iOS/padOS app that could access (i.e. view/display) the content of a user's keychain items (iCloud sync'd) before I'd move away from the facilities provided by password managers. Perhaps there is one that I am not aware of.
Eric: But besides passwords, what else would you want to view on your iPhone? For instance, it doesn't do any good to examine certificates and other things Keychain stores.
Gary, is it available if a MacBook has Safari 15, or does one need to have Big Sur or Monterey OS?
Lali: I believe you need Big Sur or Monterey for this, and Safari 15 yes.
IMO storing both passwords and two-factor codes in the same place (Safari in this case) compromises security. Even more so when the settings that generate the codes are stored in iCloud. It’s the usual compromise between convenience and security - better than not using 2FA at all, but not as good as using a separate app or device to generate the code. Personally, I use a physical key that has to be plugged into my machine, and will only generate a code when touched.
Gary, thank you for the great tip! This will save a ton of time for me. There is still one minor annoyance though: each time after the two-factor code is automatically entered, Safari still prompts me to "update the password", and I still have to press "cancel" instead of "update." Apparently it thinks the two-factor code is a new password. This seems to be a bug that should be fixed by Apple?
Peter: That's not the case. There are still two factors: your device passcode and physical access to the device. It is much much much better to use two-factor than to not. Absolutely. The malicious hacker on the other side of the world just doesn't stand a chance with two-factor. But without it all they need is to guess your password. Using a physical key is good, but note you are doing the same thing then -- physical access to that key would get them the second factor.
Wei: That is probably due to how the website is coded. I see that in one place I go to, but not any others.
Gary: The other things that I would want to be able to view are secure notes. I am aware that the Notes app has this capability but sometimes it is just easier to have these items in one place.
If you use two factor authentication, why would you switch to a verification code? Is one more secure than the other?
Chris: They are the same thing. The "verification code" is the second factor.
Thanks for your reply, Gary. I'm sorry, I don't understand why physical access to the device would be needed to generate the two factor code. In theory at least, couldn't a (very) sophisticated hacker gaining access to, for example, a user's iCloud backup (of his/her Safari settings, etc.) obtain remote access to both the password and the two factor code generator? Why would the hacker need physical access to the user's device itself?
Peter: To gain access to your iCloud backup someone would need your iCloud password and the 2-factor code for iCloud. So they would need to have one of your devices and be signed in with your passcode to get that 2-factor code before they even got into your iCloud account. They need physical access because there is no way to get the 2-factor codes just on a website or other online system. They can't log in somewhere and get a code. They have to have a device that is tied to your account.
In your example using Google, I believe in order to have Safari input the authentication codes automatically you first need to set up the Google Authenticator app as the default and then "change" the method for signing in. Is this correct? I use Google prompts to my phone or iPad as the default. Also, does this sync to iCloud so you can use it on your iPhone and iPad as well as your Mac?
Carl: No, you never need to use the Authenticator app at all. But it is the same basic method. This does sync to iCloud, yes.
Thanks, but I don't see a "change" option. Listed in order I see "ADD PHONE", "SET UP" Authenticator app, "ADD SECURITY KEY" and "REVOKE ALL". I'm running Big Sur v 11.6 and Safari v 15.0.
Carl: I'm not sure what you are looking at, sorry. Do you mean on the Google site? Add Phone would probably take you there. But if not, try the others too.