Has anyone automated 2FA login for desktop Office 365 apps?

I have to use a specific 2FA a couple dozen times a day and it is tiresome as well as mildly dangerous (alarm fatigue type syndrome making it more likely that I would not pay attention to a phishing attempt to get my 2FA code). It seems like it should be possible to automate this, my primary concern being pop-up login dialogs that come from Outlook and other 365 desktop apps.

I’m not sure what the best tool(s) to attack this with are though. Better Touch Tool or Keyboard Maestro almost certainly need to be in the mix to send keystrokes, it should be possible to pull the 2FA code off 1Password or out of the apple keychain now that it supports 2FA.

So before I start banging my head on this particular door I figured I’d ask if anyone else has done this and how you ended up making it smooth.

If you mean a one time passcode (OTP) often used for MFA/2FA, many password managers, including 1Password, will automatically populate the code when prompted for it - assuming you have primed the password manager with the authenticator seed.

As already mentioned above, the 1Password extension can do this, if it’s for a website, in a (supported) browser.

You can use the 1Password CLI and Keyboard Maestro to automate it for Apps as well.

1 Like

There’s open source apps to generate 2FA codes too. The security utility cannot access iCloud Keychain, AFAIK, so automating the Passwords UI would be the only option there.

Looking at the problem further, the challenge is not browser based login, and it isn’t even getting the 2FA codes. The real problem is more about the pop up dialog that the desktop apps like Outlook and Teams produce. Cleanly detecting that the dialog is on the screen, that the app is asking for you to log in again, that’s problem 1. Presumably once that is solved, problem 2 is programmatically sending the keystrokes to the right place.

Probably worth discussing with your system admin as I can’t imagine this is desired behaviour in any organisation that expects any sort of productivity from their user.

1 Like

The Microsoft Azure MFA protocols can only work with apps like 1Password if the administrators enable that on the server. Even then it looks like you need 1Password for Business to make it work. @mpacker mentioned this.