How to bypass Apple’s multi-device two-factor system with Messages auto-fill

You can click a couple of times to reduce the friction in Apple’s two-factor authentication system.

apple 2fa

Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Apple has increasingly required that Apple ID accounts (used for iCloud, purchases, and other purposes) are protected by two-factor authentication (2FA). This two-part system has you enter a password and then enter a code that’s available from all devices associated with the same iCloud account.

You know the drill. A pop-up appears on all devices showing a rough map of where Apple believes the request originated. Tap or click Allow on any device and that pop-up disappears from all the others. On the device from which you approved the map, a six-digit code now appears in a special dialog box. Enter that code as your device, service, or browser second factor.

But there’s an easier way. Apple lets you set up both trusted devices, linked via iCloud, and trusted phones, which can receive a text message or an automated voice call. Since Apple updated Messages, Safari, and other apps in iOS to offer an autofill in the QuickType bar above the keyboard and later in macOS to offer a Messages autofill dialog, you can use that method to reduce the number of steps.

  1. Start a log in to any Apple device, service, or site that requires 2FA.

  2. When prompted with a code, instead of following the procedure above, click or tap the Didn’t Get a Verification Code link.

  3. Tap or click Text Me or Use Phone Number (descriptive text may vary); optionally select among numbers, shown by their last few digits, if you have multiple trusted numbers. (I recommend having multiple trusted numbers to avoid losing account access.)

  4. When the code comes in via SMS, you can use the normal autofill option to fill in the appropriate fields for an Apple login.

mac911 text 2fa apple login IDG

You can opt to validate your identity in a different way for two-factor authentication.

Having said all this, SMS-based 2FA codes are increasingly considered a bad idea, due to the potential of phone number hijacking, which has become a common tool for identity theft and cash and cryptocoin theft. However, until Apple no longer allows phone number-based second factors, take advantage of this shortcut to speed logins.

This is also a useful tool when you’re logging in from a non-Apple device that you use with Apple services or don’t have your normal trusted devices around, but do have a linked phone.

This Mac 911 article is in response to a question submitted by Macworld reader Andrea.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to including screen captures as appropriate, and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon