Source: Apple
What you need to know
- Apple is making SMS-based one-time passwords more secure.
- Those passwords can be tied to a particular domain.
- That means Safari will check the codes came from a legit source.
Way back in January Apple's WebKit team suggested a new format for SMS one-time passcodes that would make them more secure. Now, Apple has announced that developers can already take advantage of the feature in a new post to its developer website.
According to the post, Apple will now allow developers to associate their one-time passcodes with a domain, allowing Safari on iPhone, iPad, and Mac to check the code is associated with the correct domain before offering to use AutoFill.
Apple calls this new feature "domain-bound codes" and it should prevent fake codes from being generated and then auto-filled by Safari.
When you use a domain-bound code, AutoFill will suggest the code if — and only if — the domain is a match for the website or one of your app's associated domains. For example, if you receive an SMS message that ends with @example.com #123456, AutoFill will offer to fill that code when they interact with example.com, any of its subdomains, or an app associated with example.com. If instead you receive an SMS message that ends with @example.net #123456, AutoFill will not offer the code on example.com or in example.com's associated app. This makes it harder for an attacker to trick someone into entering one-time codes into a phishing site.
Apple notes that this move doesn't mean standard codes will no longer be supported, however. They will be, but it does suggest that developers take advantage of the new domain-bound codes as well.
While iOS and macOS will also display regular SMS-delivered codes in addition to domain-bound codes, we encourage everyone employing this authentication method to adopt this standard to provide a more secure experience for people on your website or app. If a message contains no domain information, it will continue to be offered in all relevant fields through AutoFill.
All of this kicks in when iOS 14, iPadOS 14, and macOS 11 Big Sur arrive this fall.
Developers can learn more about implementing the new codes on Apple's developer portal.
We may earn a commission for purchases using our links. Learn more.

Apple Store employees in the United States must now wear masks
Apple has reportedly told employees at its United States Apple Stores that they must once again wear masks when at work, although the company has stopped short of requiring that customers also wear face coverings.

Apple's mixed reality headset could have an external screen
Rumors of Apple working on some kind of mixed reality headset are far from fresh but a new report has shared more information about how the project has struggled to ship a product. According to that report, and to deal with concerns from people on the team, Apple may be putting an external display on the headset so that people can see what you look like.

Leaked iPhone 14 cases show Pro models' insanely huge camera bumps
Apple is roundly expected to announce a new iPhone 14 lineup later this year and a new leak claims to show some of the cases that are being built for those new handsets. And as we've been expecting, they show the iPhone 14 Pro and iPhone 14 Pro Max devices will both come with massive camera bumps.

Need to print something from your iPhone? Check out these printers!
Printers are a reliable way of obtaining a physical copy of documents. Even if you're mostly using your iPhone or iPad for everyday computing, AirPrint capable printers will keep you printing with no problems. Here are some of our favorites!