I was setting up 2 factor authentication for a site, using my MacBook Pro. I entered my cell phone number to get the texted code. I then got a Notification on the Mac with the code! I found this somewhat ironic, as what good is the 2 factor authentication, which forces you to have 2 devices, when one device gives you both? Do I need to worry that if someone steals my laptop, they can still get into accounts, or can I rely on a strong iCloud password to keep thieves from getting this information?
2FA via SMS is not safe anyway:
Does the site support 2FA via an App (TOTP protocol, as used by Authy, Google Authenticator, etc.)?
I’ve had the same thing happen to me a few times and found it somewhat strange. But given the strange interactions between SMS and Messages it is hard to avoid (I’ve had the same thing happen on the iPhone).
About all you can do is move to TOTP everyplace that you can (I wish my banks would support it) and get away from SMS as much as possible. The TOTP support in 1Password makes using TOTP almost trivial.
I am not familiar with TOTP protocol. What is it/ What apps do you recommend?
Most people use Google Authenticator, but I rather don’t install Google software.
I use 1Password instead:
Authy also is a good alternative