Two-factor authentication sounds scary, but Apple makes it very easy to use
If you’ve shied away from setting up two-factor authentication in the past, this guide is for you.
On Monday I wrote to you about how to use iCloud Keychain to easily generate and store secure passwords for all of the various online accounts you have. Today I want to talk about how to take that security even further with two-factor authentication. And just like what I covered already, the technology to manage this in a simple way is already on your Mac, iPhone, and iPad.
First let’s talk about what two-factor authentication is. We’ve all been using “one-factor” authentication for decades: you go to a website that you have an account set up with, and you enter your username and password and you’re in. Simple. But that simplicity comes with security risks: if someone has your password, they have your account. That’s where two-factor authentication comes in: in addition to setting up a password (the first factor) you also set up a second factor whereby once you put in the correct password, you have to provide a second means of authenticating yourself. A common way this works is that you get sent a text or email with a temporary code that you then have to enter before your login is successful.
There are also dedicated two-factor authentication apps like LastPass Authenticator, Microsoft Authenticator, and Google Authenticator. These apps are all great, but did you know that iCloud Keychain has built-in two-factor authentication? And because it’s synced with iCloud, when you set up a verification code on one device, it gets synced to all of them.
Before going any further it’s probably good to point out that not every website, app, or service supports two-factor authentication (though they all should). In fact, it’s probably the case that a majority of the accounts you have don’t support two-factor. But if you can set it up, you should.
If an account supports two-factor authentication, you’ll be able to find it in the settings for your account. Different websites/apps put it in different places, but it may be under “two-factor authentication,” “account security,” “account verification,” or something similarly worded. When you enable two-factor authentication, you’ll have to choose to enter a setup key (provided by the website) or scan a QR code. The way I like to do this is to enable two-factor authentication from the website on my Mac so that I can then use the camera on my iPhone to scan the QR code.
I’m going to use Twitter as an example because I know that they support two-factor authentication. Let’s say you’ve logged into Twitter via Safari on your Mac with the account credentials that you already had stored in iCloud Keychain. You’ve gone into your account settings on the Twitter website and checked the box to enable two-factor authentication, and it’s presenting you with a QR code. Now what?
On your iPhone, go to Settings > Passwords and pull up the entry for Twitter. In the middle of the screen you’ll see a button labeled “Set Up Verification Code…” Tap that and then tap “Scan QR code.” As soon as your iPhone’s camera scans the QR code on the website, a relationship is formed between your Twitter account and your iPhone. The next time you log into Twitter you’ll put in your username and password and then you’ll be prompted to enter the code that’s stored in the iCloud Keychain record for your Twitter account. But you probably won’t even need to go looking for it. Your Apple device will automatically prompt you to use Touch ID or Face ID to autofill the code.
If you look at the Keychain record for Twitter stored on your iPhone in Settings > Passwords, you’ll see that every 30 seconds it generates a new code that both your iPhone and Twitter know. Cycling through new codes every 30 seconds further enhances the security and makes it so that there’s absolutely nothing you have to remember. And best of all, iCloud syncs this information across all of your Apple devices, so you can immediately pull up your iPad and the same code your iPhone is displaying will be there as well.
iCloud Keychain makes setting up and managing two-factor authentication simple and easy.
If you found this helpful and particularly if you took this information and used it to make your accounts more secure, I’d love to hear from you!
I wasn't aware of this at all. Very cool.
Super valuable column. I migrated most of my 2FA to the native passwords app and out of Google. Thanks!