Google Authenticator is an excellent solution for generating one-time passcodes for two-factor authentication. But while the app makes a lot of sense to use for many, if you’re locked into the Apple ecosystem, you’re better off using iCloud Keychain. And that’s true now more than ever, as Apple recently made it easy to transfer your OTPs from Google Authenticator to iCloud.
Who should move one-time passwords to iCloud Keychain
A caveat: You should only migrate all your OTPs to iCloud Keychain if you’re all-in on the Apple ecosystem. If you use an Android phone or a Windows PC where you may need access to some of this login data, you should continue with Google Authenticator or other password managers that can also generate login codes.
Having said that, for those who only use Apple products, it’s far more convenient to have all login codes in iCloud Keychain. It makes logging in seamless because you can easily copy and paste or AutoFill one-time passwords no matter which device you’re using. Although Google Authenticator is a good app, you’ll still have to keep going to your iPhone to find and enter codes each time. This can be especially annoying if you primarily log in to websites on your Mac, particularly when you’re used to the convenience of iCloud Keychain’s AutoFill.
Another advantage of using iCloud Keychain to manage these codes is seamless migration. If you buy a new iPhone or a Mac, you don’t have to do anything to import your one-time passwords either. Google Authenticator supports account syncing too, but you’ll still have to log in separately to the app on your new iPhone, and it’s limited to phones only. With iCloud Keychain, all your one-time passwords will be available on your Mac, too, assuming you logged into your Apple ID when first setting up the computer.
How to import Google Authenticator codes into iCloud Keychain
You need to check the following things before you can import Google Authenticator codes to your iPhone:
- Go to Settings > Passwords > Password Options. Under Set up verification codes using:, select iCloud Passwords & Keychain.
- Open Google Authenticator on your iPhone and check which one-time passwords are stored in the app. Ensure that all of the corresponding login entries are in iCloud Keychain by going to Settings > Passwords on your iPhone. If any entry is missing, add it before you import authentication codes.
Once these things are sorted, open Google Authenticator on your iPhone, and tap the three lines button in the top-left corner and select Transfer accounts. The app will show you a QR code and you can take a screenshot. Open the Photos app, go to this screenshot, and long-press the QR code. You can now select Add Verification Codes in Passwords.
This action will open Apple’s password manager, and you’ll see all the authentication codes that were in Google Authenticator until now. Hit the Add to Password… option below each, select the login item it corresponds to, and the two will link. You’ll have to do this manually for each entry, but it’s a one-time effort.
After this, these login codes will be available on all your Apple devices. The next time you sign into an account with two-factor authentication, you should see the option to AutoFill the code without needing to do anything else. Worst case scenario, you’ll need to dive into iCloud Keychain to retrieve the code from the same device you’re trying to log in on.