What you need to know
- Apple is making SMS-based one-time passwords more secure.
- Those passwords can be tied to a particular domain.
- That means Safari will check the codes came from a legit source.
Way back in January Apple's WebKit team suggested a new format for SMS one-time passcodes that would make them more secure. Now, Apple has announced that developers can already take advantage of the feature in a new post to its developer website.
According to the post, Apple will now allow developers to associate their one-time passcodes with a domain, allowing Safari on iPhone, iPad, and Mac to check the code is associated with the correct domain before offering to use AutoFill.
Apple calls this new feature "domain-bound codes" and it should prevent fake codes from being generated and then auto-filled by Safari.
When you use a domain-bound code, AutoFill will suggest the code if — and only if — the domain is a match for the website or one of your app's associated domains. For example, if you receive an SMS message that ends with @example.com #123456, AutoFill will offer to fill that code when they interact with example.com, any of its subdomains, or an app associated with example.com. If instead you receive an SMS message that ends with @example.net #123456, AutoFill will not offer the code on example.com or in example.com's associated app. This makes it harder for an attacker to trick someone into entering one-time codes into a phishing site.
Apple notes that this move doesn't mean standard codes will no longer be supported, however. They will be, but Apple does suggest that developers take advantage of the new domain-bound codes as well.
While iOS and macOS will also display regular SMS-delivered codes in addition to domain-bound codes, we encourage everyone employing this authentication method to adopt this standard to provide a more secure experience for people on your website or app. If a message contains no domain information, it will continue to be offered in all relevant fields through AutoFill.
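The matching rule described above, sketched as an added example (this is not Apple's code). The function names and the regular expression are assumptions based only on the "@domain #code" message ending quoted in the article, and app-associated domains are not modelled.

```javascript
// Added example: models the AutoFill decision described in the article.
// Names and regex are illustrative assumptions, not Apple's implementation.

// A message that ends with "@<domain> #<code>", the shape quoted in the article.
const BOUND_SUFFIX = /@([a-z0-9.-]+)\s+#(\S+)\s*$/i;

function parseOtpMessage(text) {
  const m = BOUND_SUFFIX.exec(text);
  if (!m) return { bound: false }; // message carries no domain information
  return { bound: true, domain: m[1].toLowerCase(), code: m[2] };
}

// True when host is the bound domain itself or one of its subdomains.
// Comparing on a label boundary keeps "notexample.com" and
// "example.com.evil.test" from passing as "example.com".
function hostMatches(host, domain) {
  const h = host.toLowerCase();
  return h === domain || h.endsWith("." + domain);
}

// Would a code from `text` be offered on a page served from `pageHost`?
function shouldOfferCode(text, pageHost) {
  const msg = parseOtpMessage(text);
  if (!msg.bound) return true; // standard codes are still offered everywhere
  return hostMatches(pageHost, msg.domain);
}

// Constructed sample messages (not real SMS traffic).
const boundMsg = "123456 is your Example code.\n\n@example.com #123456";
const otherMsg = "123456 is your Example code.\n\n@example.net #123456";
const plainMsg = "Your Example code is 123456.";

// Hosts to evaluate, including two lookalikes a naive suffix check would accept.
const hosts = ["example.com", "login.example.com", "notexample.com", "example.com.evil.test"];
for (const host of hosts) {
  console.log(host, {
    bound: shouldOfferCode(boundMsg, host),
    otherDomain: shouldOfferCode(otherMsg, host),
    plain: shouldOfferCode(plainMsg, host),
  });
}
```

The plain message is offered on every host, including the lookalikes, which is the phishing exposure that binding the code to a domain removes.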
All of this kicks in when iOS 14, iPadOS 14, and macOS 11 Big Sur arrive this fall.
Developers can learn more about implementing the new codes on Apple's developer portal.