98 Macworld • April 2020OPINION
Google and Microsoft too. The basics of the tools
are already there; they just need to be implemented.Two factor awakens
For those intent upon securing their data, two-
factor authentication (2FA) has become a must-
have. Apple has done a pretty solid job of both
implementing 2FA for its own systems and of
making it easier to use the system in its most
common form, via SMS text message, by
providing an autofill feature.
However, it’s become increasingly apparent
that SMS isn’t the most secure of vectors for
authentication, thanks to the relative ease of
spoofing phone numbers. Instead, users are better
off taking advantage of authentication apps that
can generate such codes locally on a device, such
as Authy or 1Password. The downside with this
method is that it’s definitely less convenient than
SMS, especially with the autofill feature.
So perhaps it’s time for Apple to expand its own
2FA system to third parties, perhaps even a system
where authenticator apps can hand off a code when
prompted, à la the SMS autofill. This feature already
exists to some extent: Authy, for example, can, in
some cases, bring up a 2FA code when requested.
(I’ve only seen it for my Twitch account, which
apparently uses Authy’s own API.) Apple seems
well positioned to improve the 2FA experience for
its users, thus hitting that rare balance of improved
security and convenience.