As part of Day 2 at WWDC, Eryn Wells, an Authentication Experience Engineer at Apple, revealed more details about a feature that didn’t make its way in to the WWDC Keynote on Monday. The feature in question? Support for two-factor authentication (2FA) codes in iCloud Keychain.
Some services, such as 1Password, already offer a similar feature.
In the video that lasts around 15 minutes, she discusses how users can use the new feature as well as how developers can set up their apps and websites to work better with this authentication service.
Once you have iOS or iPadOS 15 installed, setting up 2FA in some apps will already redirect you to the Settings app to configure your account with iCloud Keychain. You can then return to the app you were using to finish setting up 2FA. While many apps don’t yet support auto filling these time-based verification codes from iCloud Keychain, most apps that use a webpage for signing in, such as YouTube, already support autofilling not only your password from iCloud Keychain, but also these time-based verification codes.
There’s another way to set up your accounts within iCloud Keychain too. On your iPhone and iPad, go to Settings > Passwords > Select an account > Set up verification code. You can then scan a supported QR Code, or enter a setup key provided by a service. That’s it. You can go back at any time to see the verification codes.
On macOS Monterey, it’s a bit different. If Safari detects a compatible QR code from an image, it will offer to set up the code in iCloud Keychain from the context menu for the image. Accessing the context menu is a bit different depending on the hardware you use, however, it’s the same process you’d take to copy/paste content or download an image.
Codes will then automatically autofill on supported websites as long as you’re using Safari, but since some services don’t allow you to access the context menu for certain images, you may need to scan the QR code on your iPhone or iPad to set up your verification codes.
This is all part of new iCloud features announced at Apple’s annual developer conference this week, including iCloud+ and features such as Private Relay and Hide My Email.
App developers can also build in support for setting up authentication codes with iCloud Keychain with links or buttons in their apps. During the video, Eryn also discusses features released in iOS 14 and macOS Big Sur to help make SMA verification codes more secure, which are notoriously vulnerable to a variety of attacks.
