What you need to know
- Apple engineers have unveiled a proposal to standardize the format of two-factor authentication.
- It has suggested the use of a new SMS format for one-time-passcode messages.
- The new format would include the website the code is meant for, information that could be automatically extracted by a browser or app.
Apple WebKit engineers have unveiled a new proposal that could standardize the format of two-factor-authentication messages to improve security and prevent users from falling for phishing scams.
As reported by ZDNet, Apple engineers working on WebKit, a core component of Safari have come up with the idea, but Google's Chromium engineers are also on board. According to the report:
As the report notes, by including the URL of the intended website within the SMS, it would mean websites and apps could automatically detect and read a 2FA SMS message, inputting the data. This would certainly be more convenient than remembering and then typing the keycode in. However, more importantly, by ensuring the code would only work with a specific, intended website, the plan could eliminate the risk of falling for a scam, whereby a user might unwittingly enter their 2FA code into a phishing site.
The text format would look like this:
The first line is for human users, the second for apps and browsers. The browser/app would automatically detect and extract the code. If the URL in the browser/app doesn't match what's in the text, the operation will fail. Users would then be able to see that the website provided is not the same as the one they're trying to log into, potentially alerting them to a scam or an unsafe website.
The report notes, as mentioned, that Apple's WebKit developers (who came up with the idea) and Google's (Chromium) engineers are on board with the proposal. Mozilla Firefox has not given an official response yet. In terms of a rollout, the report notes:
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9