Has MacOS evolved where we can configure optional 2FA during the login process? That is, both with the console/GUI login and console/ssh/text login. I recall some time ago, there was a design issue that prevented this. As for Monterey and Ventura, I wonder if this has since evolved further or is still an issue.
I'm not sure if the Apple-supplied 2FA (for devices) can be configured in this manner for the same services.
MacBook Pro 15″, macOS 10.15
Hi Forrest,
This is currently not possible, but you can let Apple know that you'd like this feature to be available in the future using this link:
Cheers!
Forrest wrote:
What about using a Two Factor app, such as Authy or Google Authenticator? Aren't these created to avoid that problem.
There would have to be some kind of integration plug-in to Apple's authentication logic and Apple doesn't allow those things. Even if they did, it would only work for the Lock Screen. You wouldn't be able to boot with it due to FileVault. Technically I suppose Apple could put that kind of logic in the firmware, but that's simply not going to happen.
Hello Forrest,
The following article explains more about two-factor authentication for macOS and what is (and is not) possible: Use two-factor authentication for security on your Mac, iOS devices, and iPadOS devices. It explains: "When you sign in to your account, you see that two-factor authentication is already on if it was turned on in the past. If it’s not on, you can turn it on while setting up a new Mac, or follow the steps below any time to turn it on in Password & Security settings."
Let us know if we can help with anything else at all. Thanks and have a fabulous day!
Thank you for your response.
This article addresses use of Two-factor authentication, as it applies to using Apple services (Apple ID, et al). What I am referring to is the core login function that runs, separate from the operating system, ie: the login screen on a Mac. I would like to utilize a two-factor authentication mechanism at this layer as well. From what I understand, in the past, this wasn't possible at the time due to design limitations. I do not know if those same limitations exist in Monterey or Ventura, for example.
What about using a Two Factor app, such as Authy or Google Authenticator? Aren't these created to avoid that problem.
Two factor authentication for login is not really possible. This works by sending an authentication request over the internet to one of your other trusted devices. But when your computer is logged out or otherwise login-locked, there may not be internet access. Maybe you just turned on then computer, maybe your connection timed out, maybe you've lost internet for some other reason. Whatever the reason, with two-factor authentication and loss of internet, your computer would essentially be bricked at that point.
Apple is going to start supporting security keys in its new Advanced Data Protection feature, but it's not publicly available now.
MacOS: two-factor authentication with login?
