I have to use a specific 2FA a couple dozen times a day and it is tiresome as well as mildly dangerous (alarm fatigue type syndrome making it more likely that I would not pay attention to a phishing attempt to get my 2FA code). It seems like it should be possible to automate this, my primary concern being pop-up login dialogs that come from Outlook and other 365 desktop apps.
I’m not sure what the best tool(s) to attack this with are though. Better Touch Tool or Keyboard Maestro almost certainly need to be in the mix to send keystrokes, it should be possible to pull the 2FA code off 1Password or out of the apple keychain now that it supports 2FA.
So before I start banging my head on this particular door I figured I’d ask if anyone else has done this and how you ended up making it smooth.
If you mean a one time passcode (OTP) often used for MFA/2FA, many password managers, including 1Password, will automatically populate the code when prompted for it - assuming you have primed the password manager with the authenticator seed.
There’s open source apps to generate 2FA codes too. The security utility cannot access iCloud Keychain, AFAIK, so automating the Passwords UI would be the only option there.
Looking at the problem further, the challenge is not browser based login, and it isn’t even getting the 2FA codes. The real problem is more about the pop up dialog that the desktop apps like Outlook and Teams produce. Cleanly detecting that the dialog is on the screen, that the app is asking for you to log in again, that’s problem 1. Presumably once that is solved, problem 2 is programmatically sending the keystrokes to the right place.
Probably worth discussing with your system admin as I can’t imagine this is desired behaviour in any organisation that expects any sort of productivity from their user.
The Microsoft Azure MFA protocols can only work with apps like 1Password if the administrators enable that on the server. Even then it looks like you need 1Password for Business to make it work. @mpackermentioned this.
In the end my solution was to switch to a company that doesn’t use Microsoft apps.
But worth pointing out to anyone finding this thread in future that 1Password does a pretty decent job of blasting through this sort of login if you 1) Put your 2FA code generation into it so it has it handy, and 2) Use the Command+\ keyboard shortcut which causes 1Password to figure out what app has focus and autofill whatever part of the login is being asked for. Not fully automatic but a whole lot better than not having any affordances at all.
And I’m only half kidding about that being a reason to switch companies… culture issue in some industries. Some other industries I know you just can’t get away from Word and Excel, sorry
