Two-factor authentication became a lot easier in iOS 13 when the stock Apple keyboard in the Safari app started picking up text codes from the Messages app.
It meant you didn’t have to go digging through the SMS app for the code in order to copy and paste it into the service you’re trying desperately to access.
Now, in a very un-Apple-like display, it wants to share this handy tool with the rest of the world. The idea is to improve the security of those one-time text codes and prevent users falling victim to phishing attacks.
A report from ZDNet highlights the proposal from WebKit engineers, which has two major objectives: First, Apple wants to associate those one-time passwords with a URL, delivered to users via the SMS itself.
Related: Best VPN 2020
Secondly, Apple wants to create a standard format for the OTP SMS messages that’ll work across browsers and messaging apps so everyone can benefit from the ease of logging into their favourite apps, while lessening the vulnerability to bad actors.
If the scheme comes to fruition in the future, this is how the text will look:
747723 is your WEBSITE authentication code.
From there, the apps and browsers in question will automatically pull the code from the SMS and complete the two-factor login. If the URL in the message doesn’t match the site users are trying to log into then users will now there’s some phishing going on and can take necessary measures.
Related: iOS 14 phones
The goal of the proposal is surmised excellently by the Github page explaining the proposal.
The engineers, led by Theresa O’Connor, write: “End users shouldn’t have to manually copy-and-paste one-time codes from SMSes to their browser. Sites should be able to trust that the one-time codes they send over SMS will only be entered on the originating site.”