Apple 2FA



  • Authy has long been a better solution to use. but recent news means GA is just bad.
    https://lifehacker.com/switch-from-google-authenticator-to-a-more-secure-2fa-a-1842212483



  • @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.

    Would you just stop. This has nothing to do with actual 2FA as he is attempting to implement. Do not conflate things.

    So, then are you saying that the 2FA that is internal to Apple OS, is totally different concept than the 2FA the Google/MS app provides?

    I do understand the the implementation may be different but is the concept different?
    If so, then I definitely am missing something.

    Yes, you are missing something. It is not OTP 2FA as you are discussing.



  • @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @pmoncho said in Apple 2FA:

    Working on our potential WFH plan, I plan on having my users use 2FA to access our SSL-VPN. I won't have an issue with Android and Windows but I have no clue how to help those with iPhones as I have not used or played with one.

    I use Authy myself and a few others use Google Authenticator. Did some searching and Apple has 2FA in the OS but states it is only for Apple devices.

    So what do individuals use for 2FA for work or other sites? Just use MS Authenticator and Google Authenticator?

    Umm, what would apple's built in 2fa have to do with your third party websit 2fa?

    The fact that Apple does not have their own Authenticator app in the app store like Google and MS do. Plus, what Apple does have, only works with Apple products. Hopefully this knowledge will save time for someone is in the same situation.

    Other than that, nothing.

    Well sure - Since apple owns it's world from soup to nutz they can bake their own MFA in, none of the other platforms do - so they have to to provide add-on apps.

    Yeah, I totally understand why they do what they do. Just didn't realize they wouldn't have an app for their users. Oh well, moving on...

    Since apple controls the whole thing, they don't need to do what others do - so a separate app isn't necessary for them.

    Would you just stop. This has nothing to do with actual 2FA as he is attempting to implement. Do not conflate things.

    So, then are you saying that the 2FA that is internal to Apple OS, is totally different concept than the 2FA the Google/MS app provides?

    I do understand the the implementation may be different but is the concept different?
    If so, then I definitely am missing something.

    Yes, you are missing something. It is not OTP 2FA as you are discussing.

    Ok Thanks, that make much more sense. Will worry more about Apple if I ever get one.



  • @JaredBusch said in Apple 2FA:

    Authy has long been a better solution to use. but recent news means GA is just bad.
    https://lifehacker.com/switch-from-google-authenticator-to-a-more-secure-2fa-a-1842212483

    Good to know. Authy it is.



  • FreeOTP Authenticator from Redhat is another option.



  • Authy is my first choice.

    • The encrypted backups for your accounts.
    • Allow approval from notifications. But it's disabled if you enable Authy protection PIN.
    • For security of the app, you can enable App protection, touch id protection, and protect the entire app.
    • Another nice addition is there Authy Desktop app (macOS, Windows and Linux via Snap) and Authy app for Chrome.


  • @JaredBusch said in Apple 2FA:

    Authy has long been a better solution to use. but recent news means GA is just bad.
    https://lifehacker.com/switch-from-google-authenticator-to-a-more-secure-2fa-a-1842212483

    if you have malware on your device, I'm not sure this is really what I'm worried about. Sure it's not great, but it could definitely be worse.



  • @black3dynamite said in Apple 2FA:

    • Allow approval from notifications.

    Which services support this with Authy?



  • @Dashrender said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    • Allow approval from notifications.

    Which services support this with Authy?

    I haven't bother looking into it because I use the app that is provided for that service.



  • @Dashrender said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    • Allow approval from notifications.

    Which services support this with Authy?

    FFS we had this conversation within the last 14 days

    everything does. because these are all built to standards.



  • @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.



  • @JaredBusch said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.

    I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.



  • @Dashrender said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.

    I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.

    This is a whole other topic again.

    When do you think apps stopped being able to do push notifications? That's all it is.



  • I do a few different things. I use FreeOTP and Yubikeys to store legacy TOTP codes. I also use Yubikeys for u2f as well. If the service has a 2fa push option like Zoho does, then I'll also sign up for that. This way I cover my bases if I happen to lose something.

    Plus you also have recovery codes for that as well.



  • @travisdh1 said in Apple 2FA:

    @Dashrender said in Apple 2FA:

    @JaredBusch said in Apple 2FA:

    @black3dynamite said in Apple 2FA:

    Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

    @Dashrender read the entire fucking line....

    The app supports it unless you proctect it in the first place. which you should..

    It has nothing to do with the service.

    I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.

    This is a whole other topic again.

    When do you think apps stopped being able to do push notifications? That's all it is.

    huh? The MS authenticator registers itself for push notifications from MS, GA does from Google - are you saying you can do that with Authy for google and microsoft services?

    I completely understand that I can add TOTP to Authy for MS and Google, but I quoted and am specifically asking about push notifications from those via Authy.

    My google foo is finding nothing but people bitching about how authy does NOT support push, but does support TOTP.

    Now all that said - I see that Authy has created One Touch - and that One Touch as an API that allows push notifications, but I can't find anywhere that says that Google/MS have enabled that feature.