iOS 12 and macOS Mojave have a feature that can make your life easier and keep you protected online. The feature, known as Security Code Autofill, makes it much easier to use two-factor authentication (2FA) on your devices. In this guide, I’ll tell you about two-factor authentication and why you should use it, as well as how to set up and use Security Code Autofill.
What is 2FA?
Two-factor authentication (2FA) works to add an additional layer of security to online logins. When you try to log into an account or service, you’re typically asked to enter a passcode or password, identify yourself by email or account name, and sometimes add other information that only you could know.
Services and accounts that use 2FA also require you to enter a passcode that is sent to you in a text message to the phone number you entered when you created the account. 2FA combines something you know (the password and 2FA code) with something you have (the iPhone, iPad or Mac). You must be in possession of the device to access the account if it’s protected by 2FA and know the other relevant info for login that is required.
Why Don’t More People Use 2FA?
A lot of people have tried 2FA, but don’t like it for one very good reason — it’s hard to remember a 6 to 8 number passcode long enough to type it into the proper spot on the login page for a service or account. Apple wants people to embrace 2FA since it really makes it much more difficult for criminals to enter online accounts, so they came up with a way for the operating systems — iOS and macOS — to automatically recognize incoming 2FA text messages and offer to auto-fill the code into the online login screen.
How Does Security Code Autofill Work?
Apple created a way to use machine learning to determine whether or not an incoming text message carries a security code. Security Code Autofill automates the process of taking the security code from the text message and entering it into the part of the app or service you’re trying to log into. Synchronizing text messages through iCloud allows the operating systems to take 2FA passcodes from the iPhone and use them in Security Code Autofill in Safari on the Mac.
How Do I Enable Security Code Autofill?
You don’t need to do anything to enable Security Code Autofill. It’s part of both iOS 12 and macOS Mojave, and doesn’t require any settings changes to get it running.
Show Me How It Works
As an example of how Security Code Autofill works, I’m going to sign into a site and an app for a service I use called Stripe. Stripe handles online payments, so they’re very strict about security and require 2FA to be in place for all accounts. On my Mac, I simply go to their website and click the login link, enter my user name and password, and then a dialog appears asking for the 2FA verification code (see screenshot below):
The small blue dialog titled “From Messages” shows the code that needs to be entered for 2GA. With a click on that code, it’s automatically typed into the six text boxes on this verification screen. After this, a quick click on “Sign in to your account” moves me forward to the Stripe dashboard. No typing required!
On an iOS device, using either an app or a website that uses 2FA, there’s a similar process at work. Using the Stripe app on my iPhone XS Max, it’s easy for me to enter my user name and password automatically with Face ID. When Stripe sends a 2FA verification code, Security Code Autofill recognizes it and places it in the QuickType bar just above the numeric keypad that appears (in the screenshot below, it says “From Messages” and shows the six-number code. With a tap on the code, it’s automatically entered into the 2FA verification code field for me.
Are There Any Cases Where Security Code Autofill Won’t Work?
Like most features in iOS and macOS — or any operating system for that matter — there are cases where Security Code Autofill doesn’t work properly. I’ve found it works well when using Apple’s Safari browser, but it does not work with Google Chrome, Mozilla Firefox, or Opera browsers. Some Mac and iOS apps that support two-factor authentication haven’t been updated to work with Security Code Autofill yet, so you’ll still need to enter those codes by hand.
Security Code Autofill works quite well in the majority of situations, so if you’ve been waiting to set up two-factor authentication because of the hassle of entering verification codes, you now have nothing to stop you from doing so! Some pundits believe that the fact that 2FA works through SMS text messaging makes it too easy for hackers to grab those codes and steal your accounts, so it’s likely that authentication apps that generate time-based one-time passwords (like 1Password, Google Authenticator, LastPass and others) are the wave of the future for 2FA.