Open kikeenrique opened 2 years ago
If you want to see the contents of one of those items, you can use the security
command line tool to see their contents. The tokens are encoded as otpauth://
URLs.
In Terminal.app
:
security find-generic-password -s me.mattrubin.onetimepassword.token -g
If your keychain is locked you'll be prompted for your macOS account password. It will print out the first one it finds and the last line should say something like:
password: otpauth://REST_OF_URL
If you copy/paste that entire url into Safari on your iPhone with Authenticator installed it should try to import the code. Actually, Safari might prompt you to open Settings on your phone because the Keychain now has 2fa built in!
The querystring of that URL (the contents after the ?
) has all of the pieces you need to set up the token. Specifically in the secret=SOME_VALUE
portion the SOME_VALUE
is the secret part that you can use in the "Secret Key" portion of the manual entry screen in Authenticator.
Thanks a lot for your support! Unfortunately the command does not work, it finds nothing 🤔.
~ security find-generic-password -s me.mattrubin.onetimepassword.token -g
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
I've also tried using param -a with the account id I can see on the keychain app, but doesn't work either. I've even tried adding each keychain name at the end just in case, using the security list-keychains items.
Does anyone knows why the command does not work for me?
@beaucollins Could you confirm that it worked for you?
Hi,
I'm an Authenticator app user on macOS, it works properly. But, I've just migrated my computer via Time Machine backup, and my Authenticator accounts are missing. Almost all my keychain item were migrated, except these items, as far as I've detected.
I'm wondering if anyone could tell me if what I'm trying to do is possible. I'm trying to manually migrate them, in order to avoid a new setup of all my 2FA accounts (which are enough to try to avoid it). I try to copy an item, and then paste it in other new keychain that I would like to export, but on paste I'm asked for a password I don't know. I guess it's a kind of app password, am I right? could I find it somewhere? Is it possible to migrate this keychain items?
I've already read related issues, Are 2FA secrets backed up with an encrypted Finder backup? and Keys are saved as part of iCloud backup, but I didn't get an answer from them.