{"id":33089,"date":"2021-07-09T14:41:56","date_gmt":"2021-07-09T18:41:56","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=33089"},"modified":"2022-02-04T16:35:22","modified_gmt":"2022-02-04T21:35:22","slug":"migrating-2fa-codes-from-authy-to-icloud-keychain","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/07\/09\/migrating-2fa-codes-from-authy-to-icloud-keychain\/","title":{"rendered":"Migrating 2FA Codes From Authy to iCloud Keychain"},"content":{"rendered":"<p><a href=\"https:\/\/sixcolors.com\/post\/2021\/07\/migrating-2fa-codes-from-authy-to-apples-system\/\">Dan Moren<\/a>:<\/p>\n<blockquote cite=\"https:\/\/sixcolors.com\/post\/2021\/07\/migrating-2fa-codes-from-authy-to-apples-system\/\">\n<p>Nice as it would be if Apple&rsquo;s new system could simply import all your codes from Authy&mdash;or other apps like Google Authenticator&mdash;it doesn&rsquo;t seem as though that&rsquo;s an option for that at present, which isn&rsquo;t entirely surprising given the security issues involved.<\/p>\n<p>[&#8230;]<\/p>\n<p>I found a tip that lets you easily <a href=\"https:\/\/gist.github.com\/gboudreau\/94bb0c11a6209c82418d01a59d958c93\">display all of your time-based one-time password (TOTP) setup keys from Authy<\/a> using the Authy Desktop app for Mac and Google Chrome.<\/p>\n<p>The end result was that I spent about an hour laboriously copying each setup code into the appropriate password entry in the Safari Technology Preview&rsquo;s Password section and&mdash;just to be on the safe side&mdash;logging in to each website to make sure it worked.<\/p>\n<\/blockquote>\n<p>I&rsquo;m interested in using this feature to enter 2FA codes more easily and to sync them using iCloud Keychain, but testing it out is giving me doubts:<\/p>\n<ul>\n<li><p>Most of the sites that I want to add 2FA codes to do not appear in the Passwords section of Safari&rsquo;s preferences, even though Safari does know how to auto-fill them. (Maybe this is because they are stored in a different keychain?) So there is no way to add the code, except maybe by consolidating keychains, which I don&rsquo;t really want to do.<\/p><\/li>\n<li><p>I don&rsquo;t want to use iCloud Keychain for all my passwords, just the 2FA codes, but that doesn&rsquo;t seem to be possible.<\/p><\/li>\n<li><p>I would prefer my codes to be protected by a separate, stronger passphrase.<\/p><\/li>\n<li><p>It doesn&rsquo;t feel like safe long-term storage since it doesn&rsquo;t work with import\/export. Indeed, once I added a code to a site, that site would no longer appear in exports at all. I do see some new entries in the Keychain Access app, but they are separate from the site&rsquo;s main entry (messy), and the credential is not actually visible in Keychain Access and can&rsquo;t be exported. I don&rsquo;t want this data to be stuck in an opaque app that might corrupt its database.<\/p><\/li>\n<\/ul>\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2021\/06\/17\/safari-15\/\">Safari 15<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/04\/20\/there-should-be-an-icloud-keychain-app\/\">There Should Be an iCloud Keychain App<\/a><\/li>\n<\/ul>\n\n<p>Update (2021-07-09): <a href=\"https:\/\/twitter.com\/DaveWoodX\/status\/1413576283460710400\">Dave Wood<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/DaveWoodX\/status\/1413576283460710400\">\n<p> I&rsquo;m surprised Apple even added this as a feature. Just like storing 2FA codes in 1Password, it&rsquo;s no longer 2FA if both factors are stored together.<\/p>\n<\/blockquote>\n\n<p id=\"migrating-2fa-codes-from-authy-to-icloud-keychain-update-2022-02-04\">Update (2022-02-04): <a href=\"https:\/\/tidbits.com\/2021\/10\/07\/add-two-factor-codes-to-password-entries-in-ios-15-ipados-15-and-safari-15\/\">Glenn Fleishman<\/a>:<\/p>\n<blockquote cite=\"https:\/\/tidbits.com\/2021\/10\/07\/add-two-factor-codes-to-password-entries-in-ios-15-ipados-15-and-safari-15\/\">\n<p>Thus, to switch from whatever you&rsquo;re using now to Apple&rsquo;s system, you&rsquo;ll have to disable and re-enable two-factor authentication for each site or, if the site supports it, regenerate the seeding secret.<\/p>\n<p>What if you want to try Apple&rsquo;s system but maintain whatever app you&rsquo;re using now? In that case, after you disable and re-enable two-factor authentication, you can scan the QR code or enter the setup key manually in multiple systems, one after another. Just add the QR code to Apple&rsquo;s system, and then, while it remains onscreen, scan it with Authy or 1Password or whatever.<\/p>\n<\/blockquote>\n\n<p>Apple has now implemented importing and <a href=\"https:\/\/eclecticlight.co\/2021\/10\/14\/how-to-export-passwords-and-other-secrets\/\">exporting<\/a> <a href=\"https:\/\/eclecticlight.co\/2021\/10\/17\/last-week-on-my-mac-passwords-and-patchwork-quilts\/\">via CSV<\/a>, including the 2FA codes, so at least you can make a local backup.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/cabel\/status\/1456390495622422528\">Cabel Sasser<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/cabel\/status\/1456390495622422528\"><p>I would like to try importing a 1P CSV into Passwords, but I&rsquo;m paranoid, and docs are scant. Would it overwrite any existing passwords? Is there a conflict dialog if there are dupes? What can I expect from the experieince?<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/rmondello\/status\/1456391926949765134\">Rick Mondello<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/rmondello\/status\/1456391926949765134\">\n<ul><li>We won&rsquo;t overwrite existing creds.<\/li>\n<li>There is a conflicts dialog at the end.<\/li>\n<li>Importing something that&rsquo;s exactly already there isn&rsquo;t a conflict. Just silent success.<\/li><\/ul>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/01\/27\/notes-in-apples-password-manager\/\">Notes in Apple&rsquo;s Password Manager<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Dan Moren: Nice as it would be if Apple&rsquo;s new system could simply import all your codes from Authy&mdash;or other apps like Google Authenticator&mdash;it doesn&rsquo;t seem as though that&rsquo;s an option for that at present, which isn&rsquo;t entirely surprising given the security issues involved. [&#8230;] I found a tip that lets you easily display all [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-07-09T18:41:59Z","apple_news_api_id":"90298407-0fff-4e2a-8b5b-b7e9bf13070a","apple_news_api_modified_at":"2022-02-04T21:35:26Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABQ==","apple_news_api_share_url":"https:\/\/apple.news\/AkCmEBw__TiqLW7fpvxMHCg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[2165,2028,1417,31,2078,1583,30,2077,103,48,2090],"class_list":["post-33089","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple-password-manager","tag-authy","tag-icloud-keychain","tag-ios","tag-ios-15","tag-keychain","tag-mac","tag-macos-12","tag-safari","tag-security","tag-two-factor-authentication-2fa"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/33089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=33089"}],"version-history":[{"count":6,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/33089\/revisions"}],"predecessor-version":[{"id":34933,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/33089\/revisions\/34933"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=33089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=33089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=33089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}