Using Security Code Autofill in iOS 12 and macOS Mojave

iOS 12 and macOS Mojave have a feature that can make your life easier and keep you protected online. The feature, known as Security Code Autofill, makes it much easier to use two-factor authentication (2FA) on your devices. In this guide, I’ll tell you about two-factor authentication and why you should use it, as well as how to set up and use Security Code Autofill.

What is 2FA?
Two-factor authentication (2FA) works to add an additional layer of security to online logins. When you try to log into an account or service, you’re typically asked to enter a passcode or password, identify yourself by email or account name, and sometimes add other information that only you could know.

Services and accounts that use 2FA also require you to enter a passcode that is sent in a text message to the phone number you entered when you created the account. 2FA combines something you know (the password and 2FA code) with something you have (the iPhone, iPad or Mac). To access an account protected by 2FA, you must be in possession of the device and know the other login information that is required.

Why Don’t More People Use 2FA?
A lot of people have tried 2FA, but don’t like it for one very good reason — it’s hard to remember a 6 to 8 number passcode long enough to type it into the proper spot on the login page for a service or account. Apple wants people to embrace 2FA since it really makes it much more difficult for criminals to enter online accounts, so they came up with a way for the operating systems — iOS and macOS — to automatically recognize incoming 2FA text messages and offer to auto-fill the code into the online login screen.

How Does Security Code Autofill Work?
Apple created a way to use machine learning to determine whether or not an incoming text message carries a security code. Security Code Autofill automates the process of taking the security code from the text message and entering it into the part of the app or service you’re trying to log into. Synchronizing text messages through iCloud allows the operating systems to take 2FA passcodes from the iPhone and use them in Security Code Autofill in Safari on the Mac.

How Do I Enable Security Code Autofill?
You don’t need to do anything to enable Security Code Autofill. It’s part of both iOS 12 and macOS Mojave, and doesn’t require any settings changes to get it running.

Show Me How It Works 
As an example of how Security Code Autofill works, I’m going to sign into a site and an app for a service I use called Stripe. Stripe handles online payments, so they’re very strict about security and require 2FA to be in place for all accounts. On my Mac, I simply go to their website and click the login link, enter my user name and password, and then a dialog appears asking for the 2FA verification code (see screenshot below):

(Security Code Autofill has recognized a 2FA code and is offering to enter it with a click)


The small blue dialog titled “From Messages” shows the code that needs to be entered for 2FA. With a click on that code, it’s automatically typed into the six text boxes on this verification screen. After this, a quick click on “Sign in to your account” moves me forward to the Stripe dashboard. No typing required!

On an iOS device, using either an app or a website that uses 2FA, there’s a similar process at work. Using the Stripe app on my iPhone XS Max, it’s easy for me to enter my user name and password automatically with Face ID. When Stripe sends a 2FA verification code, Security Code Autofill recognizes it and places it in the QuickType bar just above the numeric keypad that appears (in the screenshot below, it says “From Messages” and shows the six-number code). With a tap on the code, it’s automatically entered into the 2FA verification code field for me.

(The Security Code Autofill information appears in the QuickType bar above the keypad)


Are There Any Cases Where Security Code Autofill Won’t Work?
Like most features in iOS and macOS — or any operating system for that matter — there are cases where Security Code Autofill doesn’t work properly. I’ve found it works well when using Apple’s Safari browser, but it does not work with Google Chrome, Mozilla Firefox, or Opera browsers. Some Mac and iOS apps that support two-factor authentication haven’t been updated to work with Security Code Autofill yet, so you’ll still need to enter those codes by hand.



Security Code Autofill works quite well in the majority of situations, so if you’ve been waiting to set up two-factor authentication because of the hassle of entering verification codes, you now have nothing to stop you from doing so! Some pundits believe that the fact that 2FA works through SMS text messaging makes it too easy for hackers to grab those codes and steal your accounts, so it’s likely that authentication apps that generate time-based one-time passwords (like 1Password, Google Authenticator, LastPass and others) are the wave of the future for 2FA.


LEAVE A COMMENT


  • I have an iPhone along with an iMac & a MacBook. Since installing Mojave, I’ve NEVER had the opportunity to use the Message autofill when I’ve been asked for an entry for 2FA. My iPhone indeed gets the message, but I have to look at my iPhone and then type in the code. Certainly hasn’t been automatic for me. Any thoughts why it won’t work for me?




  • I do not use a smart ‘phone. Will it work from the email on either my iPod Touch or iPad or Mac?

    I recently had 2FA with a financial institution which did recognize my browser. The code was sent to my email but I saw no autofill.




  • It isn’t just remembering a 2FA code, but rather it can leave you in a very bad place if you travel light and your trusted device dies or is stolen.

    For example, my girlfriend was on what was to be a day trip with only her iPhone, and on her way to her destination her phone died.

    Until she could make it to an Apple Store (without an appointment in a busy metropolitan area – there goes your ENTIRE day), she had no way to access her email accounts (containing her return flight information, among other things) because 2FA was sending the code to her phone (no luck there) and MacBook (at home, she lives alone.)

    She couldn’t just login via the web on a store Mac because it wanted the 2FA code sent to her trusted devices, and there is no emergency way to get a code by talking to a human, either for iCloud 2FA or Gmail 2FA.

    Essentially she was completely dead in the water until the Apple Store got her phone back up and running again.




  • I wasn’t aware you could use Messages with two-factor authentication. This interests me because I don’t have a cell phone. Can you please expand on this or write another Rocket Yard article on using cell phone alternatives for 2FA?




  • thank you.
    interesting and excellent information