Using 2FA with Apple Keychain

Apple has integrated Two-Factor Authentication (2FA) into macOS and iOS through Keychain. I explain how 2FA works and how it looks.

Using 2FA with Apple Keychain
Two sides of a bridge symbolising the shared token by server and client. 

This article is for you when you want to improve and simplify your cybersecurity and you :

  1. Use a Mac and an iPhone together
  2. Use Apple Keychain for passwords
  3. Sync via iCloud
  4. Your default browser is Safari

So this is a bit of an article for the fans. And off course the content here probably is outdated when the next update by Apple is done, but then still you can learn a bit about the clever setup of 2FA.

Apple doesn't advertise it much, and I get that. With 2FA you add security but rarely ease of use. Also, the current flows are certainly not without bumps.

I wrote another article about what Two-Factor Authentication is, and why this is important. The process consists of two steps. Creating a token once and later entering codes in browser or app.

Setting Up 2FA for a Account

To enable 2FA, you'll follow a series of steps that might vary slightly depending on the service you're using. Behind the scenes, a unique token is generated and linked to your account, but you won't need to worry about that.

Here's a general guide:

  • Choose Your Device: You can set up 2FA on your phone or computer, or even let them work together. The latter is surprisingly simple, and I'll use a Google Account to illustrate how it's done.
  • Navigate to Security Settings: Head over to your Google Account settings and look for the Two-Factor Authentication option under the security tab.
  • Select an App for 2FA: Indicate that you have an app for 2FA, and you'll be ready to begin. A QR tag will appear on the screen.
Image showing the scanning of QR-tag with iPhone for native 2FA
Scanning QR-tag with iPhone for native 2FAx
  • Scan the QR Tag: Simply scan the QR tag with your camera. Clicking it will open your password repository with Google accounts, where you can manually link the request to the correct account. If you only have one account, it's even easier.
Image showing how to connect 2FA token to account in Apple password manager.
Connect 2FA token to account in Apple password manager.
  • Confirm the Link: Finally, confirm the link by typing the first code, and voila! 2FA is set up. Your settings will be backed up in iCloud and shared between macOS and iOS, ensuring a seamless experience across your devices.

This process sets up 2FA without requiring you to understand the technical details of token generation. It's designed to be user-friendly and adds an essential layer of security to your accounts.

Keychain is my password manager of choice

Keychain does everything I need from a password manager. It safely stores passwords across devices, helps me generate new passwords and I can add 2FA in a seamless flow.

Also, I can exchange accounts easily with my partner by airdropping them when necessary.

New development on the horizon: Passkeys which might replace passwords all together.