Apple 2FA



  • Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?





  • @travisdh1 said in Apple 2FA:

    @pmoncho Authy https://apps.apple.com/us/app/authy/id494168017

    Yeah, I thought about Authy as that is what I use and like. With being Apple products, better to use Authy then having them create a Google/MS account and then setup G/MS Authenticator app on top of that.



  • @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?



  • @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.



  • @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Now, Google/MS do allow you to use their MFA tool for more than just their own services, and it appears that Apple does not, so on an iOS device you're forced to install a separate MFA tool, like Authy or GA, or MA.

    No account from Google is required to use GA by the way, I don't think so for MA either.



  • @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    You are not understanding how 2FA works.



  • @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Now, Google/MS do allow you to use their MFA tool for more than just their own services, and it appears that Apple does not, so on an iOS device you're forced to install a separate MFA tool, like Authy or GA, or MA.

    No account from Google is required to use GA by the way, I don't think so for MA either.

    Hmmm... Good to know. Maybe the last few setups I did (a while ago), I probably just went to fast, along with the users already having Google accounts and setting them up also.



  • @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    You are not understanding how 2FA works.

    That is quite possible.



  • @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.



  • @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.

    Would you just stop. This has nothing to do with actual 2FA as he is attempting to implement. Do not conflate things.



  • @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.

    Agreed. For users who only want to live within Apple's own universe, it definitely is not necessary.



  • @pmoncho said in Apple 2FA:

    Now, Google/MS do allow you to use their MFA tool for more than just their own services, and it appears that Apple does not, so on an iOS device you're forced to install a separate MFA tool, like Authy or GA, or MA.

    No account from Google is required to use GA by the way, I don't think so for MA either.

    Hmmm... Good to know. Maybe the last few setups I did (a while ago), I probably just went to fast, along with the users already having Google accounts and setting them up also.

    Yeah, it's likely they already had a Google account so there was an assumption, but I can assure you, no account it required to install and use the app for any website/app that allows you to use generic MFA solutions.



  • @JaredBusch said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.

    Would you just stop. This has nothing to do with actual 2FA as he is attempting to implement. Do not conflate things.

    So, then are you saying that the 2FA that is internal to Apple OS, is totally different concept than the 2FA the Google/MS app provides?

    I do understand the the implementation may be different but is the concept different?
    If so, then I definitely am missing something.



  • Authy has long been a better solution to use. but recent news means GA is just bad.
    https://lifehacker.com/switch-from-google-authenticator-to-a-more-secure-2fa-a-1842212483



  • @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.

    Would you just stop. This has nothing to do with actual 2FA as he is attempting to implement. Do not conflate things.

    So, then are you saying that the 2FA that is internal to Apple OS, is totally different concept than the 2FA the Google/MS app provides?

    I do understand the the implementation may be different but is the concept different?
    If so, then I definitely am missing something.

    Yes, you are missing something. It is not OTP 2FA as you are discussing.



  • @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.

    Would you just stop. This has nothing to do with actual 2FA as he is attempting to implement. Do not conflate things.

    So, then are you saying that the 2FA that is internal to Apple OS, is totally different concept than the 2FA the Google/MS app provides?

    I do understand the the implementation may be different but is the concept different?
    If so, then I definitely am missing something.

    Yes, you are missing something. It is not OTP 2FA as you are discussing.

    Ok Thanks, that make much more sense. Will worry more about Apple if I ever get one.



  • @JaredBusch said in Apple 2FA:

    Authy has long been a better solution to use. but recent news means GA is just bad.
    https://lifehacker.com/switch-from-google-authenticator-to-a-more-secure-2fa-a-1842212483

    Good to know. Authy it is.



  • FreeOTP Authenticator from Redhat is another option.



  • Authy is my first choice.

    • The encrypted backups for your accounts.
    • Allow approval from notifications. But it's disabled if you enable Authy protection PIN.
    • For security of the app, you can enable App protection, touch id protection, and protect the entire app.
    • Another nice addition is there Authy Desktop app (macOS, Windows and Linux via Snap) and Authy app for Chrome.


  • @JaredBusch said in Apple 2FA:

    Authy has long been a better solution to use. but recent news means GA is just bad.
    https://lifehacker.com/switch-from-google-authenticator-to-a-more-secure-2fa-a-1842212483

    if you have malware on your device, I'm not sure this is really what I'm worried about. Sure it's not great, but it could definitely be worse.



  • @black3dynamite said in Apple 2FA:

    • Allow approval from notifications.

    Which services support this with Authy?



  • @Dashrender said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    • Allow approval from notifications.

    Which services support this with Authy?

    I haven't bother looking into it because I use the app that is provided for that service.



  • @Dashrender said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    • Allow approval from notifications.

    Which services support this with Authy?

    FFS we had this conversation within the last 14 days

    everything does. because these are all built to standards.



  • @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.



  • @JaredBusch said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.

    I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.



  • @Dashrender said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.

    I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.

    This is a whole other topic again.

    When do you think apps stopped being able to do push notifications? That's all it is.



  • I do a few different things. I use FreeOTP and Yubikeys to store legacy TOTP codes. I also use Yubikeys for u2f as well. If the service has a 2fa push option like Zoho does, then I'll also sign up for that. This way I cover my bases if I happen to lose something.

    Plus you also have recovery codes for that as well.



  • @travisdh1 said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.

    I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.

    This is a whole other topic again.

    When do you think apps stopped being able to do push notifications? That's all it is.

    huh? The MS authenticator registers itself for push notifications from MS, GA does from Google - are you saying you can do that with Authy for google and microsoft services?

    I completely understand that I can add TOTP to Authy for MS and Google, but I quoted and am specifically asking about push notifications from those via Authy.

    My google foo is finding nothing but people bitching about how authy does NOT support push, but does support TOTP.

    Now all that said - I see that Authy has created One Touch - and that One Touch as an API that allows push notifications, but I can't find anywhere that says that Google/MS have enabled that feature.