I made the mistake of forgetting about Authenticator when I did a clean reinstall of iOS a few months ago. It was a huge headache getting those 2FA codes reinstated on a new device… literally a couple hours of work. I’m motivated to post this thread just to increase the chance I’ll remember the next time…!
Oh yes! Good shout. I remember that same pain from 3 iPhones ago.
I have since moved all my 2FA to 1Password and have not had a problem since. It also makes it a lot easier to log in as it copies the 2FA code when you autofill the login.
2 exceptions:
Office 365 as Microsoft unfortunately must have their own authentication standard, so I need their Authenticator app.
1Password itself which I have set up in same Microsoft Authenticator app, so I can’t lock myself out
Apple are moving slowly and deliberately towards increased MFA security like its recent support for the the WebAuthn standard, allowing use of NFC, USB, and Lightning FIDO2-compliant security keys in Safari and SFSafariViewController. But it’s glacially slow pace of support seems strange to me. I was surprised Apple did not integrate some greater level of authentication into iOS.
Perhaps this is something they intend to standardize on with Apple Silicon-only hardware in the future as a differentiator…?
You should definitely use 1Password, or, at the very least, Authy which will sync your 2FA codes to different devices and let you easily reinstall it on a new device.
Been thinking about ditching the 1Password subscription (I’m not) - indeed iCloud Keychain and Authy replicate much of the functionality for passwords alone.
I use Office 365 at work and I have the 2FA code stored in 1Password. It does default to wanting to use their own app but you can set it up in others. However, I cannot remember how I did this as I am typing this message. I’m just adding this comment to let people know that it is possible.
SafeInCloud also supports 2FA, has browser extensions, is available for all major platforms, offers multiple syncing options, and all that without a subscription.
Really, there are more good password managers than 1Password. Please don’t make it sound (“you should definitely use…”) like there is only one option.
Another vote for Authy. I can’t remember why I moved from the Google Authenticator app, but it may have been because Authy synchronises between my iPhone, iPad, and Mac, so I can grab the token wherever I am.
Ive removed the 2FA code from 1Password and my Office 365 account to work out how I did this the first time. Before anyone goes any further I should note that this account is an education/business account and my phone number has already been added as a 2FA source. I have never tried this with a personal Office 365 account so I am not sure if this is something which only works in the business version.
After visiting login.microsoft.com and signing in these are menu steps I followed:
My Account
Additional Security Verification
Set Authenticator
Configure Without Notification (next to the initial QR code)
At this point I could capture the QR code in 1Password and then verify the code.
Below is the screencast of the steps outlined above.
I know we’ve just met, but I am sorely tempted to kiss you square on the mouth.
I don’t know what I was doing wrong before, but I never saw that “Configure Without Notification” option before (and I don’t even think I had gotten to that screen from the same way, so I think whatever path I had taken might be older, etc).
Anyway, I have an edu/business Office Microsoft 365 account and this worked perfectly, and now I won’t have to go into Google Voice to get my 2FA codes anymore.