Operating systems: iOS (built in to the system), macOS (built in to the Safari browser)
Starting with iOS 15, all versions of the iPhone’s operating system have a built-in 2FA one-time code generator. To find it, go toSettings → Passwords, select a stored account (or create a new one), and under the heading Account Options tap Set Up Verification Code…. The rest is as usual: You can either scan the QR code or manually enter the secret key — or scan the authenticator QR code right from the camera app and then add a token to an existing account in Passwords. Inconveniently, the latter method will not prompt you to create a new account.
A built-in authenticator is now also available in macOS, or more specifically, in versions 15 and later of the Safari browser. To find it, open Safari, and in the menu at the top of the screen, go to Safari → Preferences → Passwords. Select an account (or tap + to create a new one), tap Edit, and in the window that opens, tap Enter Setup Key… (there is no QR code option here). The tokens automatically sync using iCloud, so you will not need to activate them again on the Маc if you have already created them on an iPhone.
In theory, the iOS/macOS built-in authenticator supports autofill, but in practice, it doesn’t work very smoothly yet. We ran a little experiment with a Twitter account and two-factor authentication with the code we received. Results were mixed: When we logged in to the Twitter app, the system successfully filled in an authentication code, but when we tried to log in to the Twitter website in Safari, the code never appeared, whether we tried in iOS or in macOS.
Pros:
- Availability on every iPhone (iOS 15 and later) and every Маc (regardless of OS, Safari 15 and later),
- No need to create a separate account,
- Ability to add a token directly from the camera app (but only to an existing account; it won’t work for creating a new one),
- Autofill for one-time codes,
- Access protection using Touch ID or Face ID,
- iCloud backup/sync.
Cons:
- Location in the depths of iOS or Safari settings,
- Display of only one token at a time,
- Inability to hide codes,
- Visible account password next to the code (iOS version),
- Storage of 2FA tokens and passwords together antithetical to principles of two-factor authentication,
- Inability to export and import tokens.
Summary
At first glance, building an authenticator into the OS looks like a good idea. However, in this case, autofill doesn’t work consistently, and the feature is too hard to find.
Add new comment