Android Messages now makes it really easy to copy two-factor codes

Google is rolling out a small but helpful upgrade to Android Messages: the ability to copy two-factor authentication codes with a single tap, right from a notification.

If you use two-factor authentication to secure your accounts, you’re probably used to this process: type in your password, wait for a text messaged code to arrive, memorize the code, and then type it back into the login prompt. It’s a bit of a pain. But if you use Android Messages and are logging into an app or website on your phone, it’s about to get a bit easier.

Left: before the update; right: the update adds the “copy” prompt automatically.

In the new update, Messages will detect if you’re receiving a two-factor authentication code. When it does, it’ll add an option to the notification to copy the code, saving a step. The app update is still rolling out — we were able to try it out by downloading the APK via Android Police — but it should be available soon if you’re not seeing it yet.

Google isn’t the first company to figure out this feature — Xiaomi and other Chinese phone companies have offered the ability to copy codes from a notification for a while. But the wider this rolls out, the better. It’s a real convenience for people who have two-factor set up on a lot of their accounts. (And really, you should, as it makes your accounts a lot more secure.)

It’s worth mentioning that receiving a two-factor code from a text message isn’t the most secure way of locking down your account — it’s possible for the code to be intercepted. But it’s the option that most sites offer, and it’s still better than just the standard username and password.


cool now give me that web interface!

Honestly, it’s small little features like these combined with Google Assistant running laps ahead of Siri and the last few iOS updates coming out of the oven a little undercooked and buggy that keep making Android more and more and more compelling. Attention to detail like this is what used to make Apple seem so magical, having users think they’ve though of everything. Now, Google seems to be scratching that itch, at least for me.

I completely agree with you.
Those little features are what used to make IOS interesting but not anymore. Granted that IOS is stable and polished than Android. Android has caught on immensely in so many ways.IOS notification is a complete mess and it is mind boggling that Apple cannot even fix that. I find myself torn between both platforms now. A well made phone is also not the preserve of Apple anymore as it used to be.

Is iOS more stable and polished anymore though? Even Apple’s own ads have bugs in them:

In regards to build quality, the Pixel and Pixel 2 build quality is no slouch. In fact, I’d argue it’s on par with the iPhone X, if not better. My iPhone X is not holding up well at all. The glass back cracked while in my pocket from bumping in to a corner of a table (my fault, but still a frustrating way to break something that Apple wants $550 to fix, which is also ridiculous for a piece of glass with no technology), and my screen has so many micro-abrasions from going in and out of my pocket, some of which are even visible with the screen on. These cosmetic things haven’t affected my enjoyment of the device overall, but this is by far Apple’s poorest designed phone, at least in terms of reliability and ability to withstand normal, day-to-day use. I don’t think taking a phone in and out of your pocket should result in scratches on the screen, but maybe that’s just me.

Wow sounds like you’ve had a bad go of it with the X. Let me balance out your anecdote with my own. I couldn’t disagree more. I think the X is by far the best designed iPhone I’ve ever owned and multiple reviews have echoed that. I’ve dropped it multiple times with no issues. I have a few microabrasions but with no case that would happen to any phone. My favorite phone I’ve owned, including multiple Android phones

I know I’m likely the outlier in terms of how it’s holding up, but it is also the first iPhone where I’ve had any issues with cosmetic damages and micro screen scratches, as someone who has upgraded every year since the 4S, so it is hard for me to think that this is a me problem and not a device build quality issue. The X is still a great phone that I enjoy using, but between iOS quality degrading over time along with the quality of my own personal hardware, I think the Pixel 3 is going to be my next phone. And I’m honestly so excited to at least try it.

As an avid Android user, Google deserves no kudos for any messaging right now. This is cool but bringing up Messages in any form makes me want to pull my hair out.

Give us the new unified messages I guess and we’ll see how that goes but I’m still not terribly happy with it and saying "well we just want to stay open and not create another platform you are forced to use" is a great sentiment but is it what the users are actually asking for? At least make an excuse like we’ll probably get sued if we did it that way or something.

I still dont understand WTF people hate messages so much. Open conversation, click name, send…no different than imessage, messenger or whatever messaging app there is.

I have never had a problem with it and with work I have to use imessage and messages equally throughout the day. No difference is felt swapping between the two.

Americas problem. Everyone else uses Whatsapp

SMS by and large is incredibly limited with what it can actually deliver. RCS probably solves that mostly.

But honestly, that’s not what bugs me, i’ve got nothing against the app itself it’s more the fragmented messaging experience Google has created. Should I use Allo or Hangouts or Messages? Allo and Hangouts had all the features while Messages had the reach….

Having Hangouts in gmail is incredibly useful, will messages be in Gmail moving forward for a web UI? Probably not.

It’s all… frustrating

I am 1000% with you. As far as SMS apps go, Android Messages is actually doing a tremendously great job. RCS needs to get here soonest, more importantly, iOS needs to support RCS. If Apple doesn’t adopt RCS the messaging divide with still exist, I have a feeling they won’t tho

Google had a great opportunity to make things semi great by integrating hangouts, SMS, and Google Voice. Unfortunately, it squandered that opportunity. With the pausing of Allo development (disappointment) and the moving of Hangouts to Enterprise (head-scratcher), I have no idea what is Google’s plan to un-f*ck this whole debacle.

Fortunately you seem to have missed the stretch where Messages was dropping texts like crazy – it was on the blogs, Google said it wasn’t Messages fault, they’d look into it. Not ringing a bell, within the last six months? I switched to Textra immediately and the problems went away. Weeks later, Messages was fixed and that was announced as well. Never again. Glad it’s worked out for you though.

Mm-mmm.. Speed?? I mean, chat apps have been called "instant messaging" for no reason?

I wish more app developers simply wrote their apps correctly, and automatically copy/pasted their two-factor authentication texted codes into the waiting box in their app.

Is this an Android only thing, and too many app developers just lazily port their iOS app to Android or something? I genuinely have no idea on the nitty gritty of iOS. Because it’s kind of silly how this hasn’t become the de facto way of doing things for apps. Maybe 1/10 of my apps does it.

No thanks! That would mean more apps would have access to incoming text messages!

This feature does not require the app to access your SMS messages. It’s handled by Google Play Services:

Many apps does that, for example WhatsApp. It asks to read SMS/ TEXT permission in Android and Android prompt a permission pop-up with allow deny dialog and as you give that app request for the code and auto retreve the code from text app to WhatsApp.

BTW, I wish Android would have an another dialog to add in that permission prompt. "Allow for once" this will make life easy for many users.

I know we can go to app settings and able change the permission which we have given to the apps but still I think "Allow for Once" would be very handy.

Well that’s a nice quality of life improvement.

SMS Organizer app has already been doing this and better.

I don’t get why Google can’t just revisit Hangouts. If you want something like iMessage, do what you can with Android messages, but hangouts really should be the WhatsApp alternative.

When I setup account in WhatsApp for example, it asks to read SMS/ TEXT permission in Android and Android does prompt a permission pop-up with allow deny dialog and as you tap in the app for OTP request then code come to inbox and that code auto retrieved by the WhatsApp from the text app to WhatsApp, right? Many apps does that who ask for reading your sms text permission just for this tast, am I right?

Now, it would have been nice if Android would have put an another dialog with allow and deny permission prompt. "Allow for once" this will make life easy for many users.

I know we can go to app settings and able change the permission which we have given to the apps but still I think "Allow for Once" would be very handy.

Very important feature for privacy so app developer won’t have access to my text messages 24*7 just to get one OTP automatically.

Best make sure your phone is set to not show sensitive information on the lock screen of you’re getting 2fa messages via sms or push btw…

the text arrives at point of transaction (POt) and is rendered obsolete at end of transaction (eOt) and the whole purpose of two-factor-authentication (TfA) is to ensure you have a secure device at hand when completing a high-value transaction (hVt) – a process that should take less than 10 seconds to ensure security. Thank you for using "2fa" as if it was a thing, though, I’ve tried to make some things in this comment too. Hope they catch on, you read it here first!

I’ve got another hack, just make the message app notification persistent when a message comes in, no need to memorise, or pull down to check again, just type it in yourself. So easy, not as fast copy paste, but it’s still really easy.

Its a bit of a pain? To memorise 4-6 digits for 3 seconds? it appears in notifications and you dont even need to open the message. Most apps automatically detect the code anyway, I know, not for banking. Gosh.. its amazing how people can turn anything into a 300-word article.

View All Comments
Back to top ↑