iCloud's 2FA is pretty great-- I have zero desire to branch out in this category. Especially because it seems like the 3rd party apps just keep getting worse.
 
Ah, third-party 2FA apps... the modern equivalent of genuinely believing that putting a symbol, a number, and a capital letter in your password helps with Internet security. 🤪

iCloud Keychain and LONG passwords are all I use for my personal accounts and they've worked great. Though I guess passkeys will eventually make both passwords and third-party apps obsolete eventually? 🤔
 
Semi-pro tip: for useful password hygiene, I use the notes section at the bottom of each password card in iCloud Keychain to store what info I’ve stored on the site.

This is useful:
- if you have multiple addresses, phone numbers, accounts, or personas (I use an alias name and birthday for non critical accounts and limit information, esp static info like phone number where practical on all accounts).
- for keeping track of which kind, or none, MFA is active on each site. (So you can periodically check if upgrade from 1FA (weak) and/or 2te (identifying) to 2au or 2em is available.)
- one time codes and recovery keys.
- phone passphrases and PINS/PUKS.
- Answers to self selected challenge questions. (My answers are short random words unrelated to the actual question so documenting as here is especially important).

After I migrated from an Excel sheet to the then new iCK in 2014, I kept account numbers in the notes section of the Contacts cards. But because Contacts isn’t TouchID/FaceID protected and it would be possible to accidentally share the card, I eliminated these weaknesses by moving all info to the locked and encrypted password cards.

When I call or chat with an entity I open up the p/w card and all info is at hand but in the meantime all info is in an encrypted and password protected location on my iPhone and backed up in iCloud.

This makes periodic maintenance (searching MFA status and upgrading) easy.

Finally, by converting all accounts from the 3 email addresses to site unique iCloud hide my email addresses a few years ago, when a site reports or is reported to have a breach, I can quickly change e/m and p/w and combined with having records as described above, any other info like PINs, Q&A, etc.

It is a very nice feeling to have.

ps for credit cards, I keep all info as described above in the password cards with the exception of keeping the card number, exp date, CVV/CVN in Settings>Safari>autofill (which I then scrape off the physical card) with a backup pdf of the unmolested card in a locked note of the Notes app). I don’t duplicate the card info in autofill to the p/w card because it makes maintenance more difficult keeping duplicate info in 2 locations.)

Hope this is helpful to somebody embarking on getting such info under control. It takes a while (I’ve done it over the years as features were added into iCloud Keychain) but stick with it and when done you will have a feeling of serenity and confidence that you’re as well protected as possible and in an easy to use and maintain way.

Addendum (my notes structure looks like this):

Security: 1FA24 or 2au24 or 2em24 , 2te24 or 3FA(te) where I’ve not used MFA bc te is only option and captures my phone number.
Payment: (0$). (If there is stored payment info).
Site: -. (new: yyyy.mm.dd).
Acct: (new: yyyy.mm.dd).
— — —
e/m: see above. (if e/m can’t be used for authentication, remove note and save e/m here.)
s/n: none.
u/n: none.
— — —
(initials with + or -).
(form of name).
bio: 0ph,0z,0bd.
— — —
*Q&A24:
— — —
*One Time Codes24 (in use, copy from list bottom then delete):
— — —
*Phrase24:
— — —
*PIN24:
— — —
*PUK24:
— — —
*Recovery Key24:
— — —
HELP:
- +1-800-xxx-yyyy.
- M-F: 0800-1700 EST.
— — —
COMMENTS:
- none.
— — —
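Added example, not part of the post above: a small audit over notes that follow this template, flagging the entries the post says to revisit (1FA or 2te, with 2au/2em as the upgrade targets). Reading the two digits after each code as the year the entry was last checked is an assumption, and the site names and notes are constructed sample data.

```python
import re

# Codes from the post's "Security:" line. The post calls 1FA weak and 2te
# identifying, and names 2au / 2em as the targets to upgrade to.
UPGRADE_FROM = {"1FA", "2te"}

# Method code followed by two digits, e.g. "2au24". Treating the digits as a
# two-digit "last checked" year is an assumption, not stated in the post.
CODE_RE = re.compile(r"\b(1FA|2au|2em|2te)(\d{2})\b")


def parse_security_line(notes):
    """Return (code, year), "unrecognised", or None if there is no Security line."""
    for line in notes.splitlines():
        if line.strip().lower().startswith("security:"):
            m = CODE_RE.search(line)
            if m is None:
                return "unrecognised"
            return m.group(1), 2000 + int(m.group(2))
    return None


def audit(entries, current_year):
    """Return [(site, finding)] for entries that need attention, sorted by site."""
    findings = []
    for site, notes in sorted(entries.items()):
        parsed = parse_security_line(notes)
        if parsed is None:
            findings.append((site, "no-security-line"))
        elif parsed == "unrecognised":
            findings.append((site, "unrecognised-code"))
        elif parsed[0] in UPGRADE_FROM:
            findings.append((site, "check-for-upgrade"))
        elif parsed[1] < current_year:
            findings.append((site, "recheck-stale"))
    return findings


# Constructed sample notes (not real accounts).
SAMPLE = {
    "bank.example": "Security: 2au24\nPayment: (0$).\n",
    "forum.example": "Security: 1FA24\nSite: -.\n",
    "shop.example": "Security: 2te23\n",
    "mail.example": "Security: 2em22\n",
    "old.example": "Acct: (new: 2019.01.01).\n",
}

if __name__ == "__main__":
    for site, finding in audit(SAMPLE, 2024):
        print(f"{site}: {finding}")
```

The script only reads the Security line, so it can be run over copies of the notes with every secret field stripped out.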
 
Ah, third-party 2FA apps... the modern equivalent of genuinely believing that putting a symbol, a number, and a capital letter in your password helps with Internet security. 🤪

iCloud Keychain and LONG passwords are all I use for my personal accounts and they've worked great. Though I guess passkeys will eventually make both passwords and third-party apps obsolete eventually? 🤔
I’ve not migrated to passkeys. Not sure if it is caution, laziness or because iCloud Keychain with e/m + p/w + 2FA works so well with no known weaknesses. Maybe one day tho.
 
If you have an Apple silicon Mac you can just run the iOS version of Authy on your desktop which is what I've been doing for awhile now...problem solved
Practical solution! This was one of the promises of M-chips, possibility of porting A-chip apps to Mac. Wish it was possible for more apps.

If Authy didn’t point out this workaround, I wonder why they didn’t. That seems odd if this is the case.
 
This sucks! I use 1password because I store way more than just passwords (SSH keys, API keys etc) but want my codes kept outside of 1password.

I'm more worried they are going to retire authy completely.

FYI I found the iPad app runs better on macOS but I'll look to move off it...
 
1Password or iCloud Keychain ftw. We use 1Password at work purely for the flexibility of Shared Vaults.
That's odd. My company has their own password manager. I thought everyone has their own since every company I've worked at has their own password manager.
How does 1Password exactly work? Is it on a server somewhere? Do you have to type in like https://1password in your web browser and then sign in with your own account? I'm really curious.
 
About a year ago in switchgear from math to Ravio and a happy with my move. I use Strongbox and Strongbox + Ravio is a great combo imo.

I do not believe putting 2FA/totp codes in your password manager is good practice.
 
I have fully succumbed to the 1Password subscription
The importance of the data within is absolutely critical

Nothing touches it for polish and reliability across the Apps and Platforms

(I'm not just on Apple stuff)
 
If you have an ARM-based MacBook (M1+x), you can just run the `iPad` app on macOS.
Don't know if you want to run authy android app on windows 10/11.
 
1Password or iCloud Keychain ftw. We use 1Password at work purely for the flexibility of Shared Vaults.
1Password is probably the best game in town for enterprise vault sharing.

However, the macOS app has taken a nosedive since it became an Electron app. And I am not talking about aesthetics and memory usage, which are decent enough. It's just flaky as hell.
 
Why do people always have their fetish with some 3rd party MFAs and password managers? Just use Apple's ones...
Because the entire world doesn't only use Apple devices, I only use Windows so relying on Apple for authentication is useless to me.

I've been using Roboform for many years, works great on Windows, iPad, iPhone and Apple Watch. Used Authy for a while as well but as Roboform has a built in authenticator these days I've now migrated everything over, all devices are syncing perfectly.
 