You can balance account security with the convenience of autofill when you set up two-factor authentication in iCloud Keychain. Here's how to do it.
The built-in iCloud Keychain on your Apple device stores all your account credentials for you, and automatically fills them in at the sign-in screen with just your face or fingerprint. However, the baseline Keychain only memorizes your username and password — which could be made more secure.
One popular way to increase security is to use hardware accessible only to you, which keeps your account from relying solely on vulnerable virtual credentials. If attackers steal your account information, via hacks or by phishing, a physical second line of defense accessible only to you secures your content even more.
Two-factor authentication, or 2FA, adds a short alphanumeric code sent to a physical hardware endpoint like your phone. Since the attacker (probably) won't have your personal phone or laptop with them, they won't be able to enter the extra code, keeping your account's sensitive data safe and private.
You can set up 2FA via iCloud Keychain to get that extra level of security, and have that code sent right to Keychain. You must first enable 2FA in the app where the account you want to protect is registered.
Before you begin, you will need a device registered with your iCloud account with Keychain turned on, and access to the 2FA settings of the app.
You might want to open the app you are setting up 2FA for on another device, so you don't have to leave the screen and re-authenticate for advanced account settings.
How to set up two-factor authentication for iCloud Keychain
Since every app has a different interface, we will be using the popular chat app Discord to demonstrate. However, most apps that offer 2FA will have mechanisms similar to this implementation, albeit with different button names and layouts.
- Open Settings on your Apple device.
- Tap Passwords.
- Authenticate with your device password or with Face ID or Touch ID.
- Tap the set of credentials you want to set up 2FA with.
- Tap Set Up Verification Code.
- Tap Enter Setup Key.
- Launch Discord.
- Access User Settings.
- In the My Account section, scroll down to Password and Authentication and click View Backup Codes.
- A one-time verification key will be sent to the associated account email. Sign in to your inbox, access the message from Discord, then copy and paste the code into the Discord prompt box.
- Discord should now give you a list of backup codes. Choose one, then return to iCloud Keychain.
- In iCloud Keychain, type the code into the text input box exactly as shown in Discord.
- Tap OK.
Now the 2FA verification code will be shown in iCloud Keychain. The backup code provided by Discord that you used will need to be discarded, as it is a one-time-use code.