What you need to know
- Apple has changed the way two-factor authentication SMS messages look.
- Now, Apple's messages will only have iOS, iPadOS, and macOS autofill on authentic websites.
Apple has made a change to the way two-factor authentication SMS messages look in an attempt to help boost security.
Apple's change essentially means that any time it sends you a new SMS as a form of two-factor authentication the message will only be provided for autofill on Apple services and websites thanks to the addition of a new piece of text. As reported by Macworld, the move was first proposed more than a year ago — in August 2020, to be exact.
The new messages will include more text than usual — and have already been rolling out for the last few weeks, too.
- A standard human-readable message, including the code, followed by a new line.
- The scoped domain as @domain.tld.
- The code repeated again as #123456.
- If the site uses an embedded HTML element, called an iframe, the source of the iframe is listed after %, such as %ecommerce.example. (The original spec specifies @; Apple appears to be using % for its texts.)
This whole system works in a similar way to how password managers and iCloud Keychain will only present a password on a specified website or in an associated app. This means that fake websites can't use autofill to accept a two-factor authentication code because iOS, iPadOS, and macOS will spot that the domains don't match.
You still need to keep an eye on where you are clicking and what passwords you are entering, but this SMS change should at least help matters.
You can read more about how this all works in the original Macworld article, too.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.
Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.