Apple Wants to Standardize SMS One -Time Passcodes Format for Enhanced Security

Submit

Apple's WebKit team is proposing certain changes to the SMS one-time passcode format. The team hopes to make the two-factor authentication process more secure. The company engineers have highlighted two goals which could contribute to the change.

Apple WebKit Team Proposes Standardized SMS One-Time Passcodes Format for Enhanced Security

The proposal has been detailed by ZDNet which was shred on GitHub this week by Apple engineers. One of the two goals is to create an association between the SMS one-time passcodes with a URL. To do this, the WebKit team has proposed to add URL logins to the SMS.

M1 Mac Models Can Support up to Six External Monitors, Provided You Have Compatible Adapters With You

The second part of the proposal deals with standardizing the two-factor authentication SMS passcodes format. This will allow browsers and mobile applications to detect the one-time passcodes and familiarize the domain. Once that is done, the app or browser could “automatically extract the OTP code and complete the login operation without further user interaction.”

At this point in time, Apple and Google have backed the proposal and Mozilla still has to comment on the change. For more details on the format, ZDNet has a further explanation of how the change could be implemented and to prevent potential phishing attacks.

Apps and browsers will automatically extract the OTP code and complete the 2FA login operation. If there’s a mismatch and the auto-complete operation fails, human readers will be able to see the website’s actual URL, and compare it to the site they’re trying to login. If the two are not the same, then users will be alerted that they’re actually on a phishing site and abandon their login operation.

Here's an example of the SMS one-time passcodes format proposed by Apple engineers. Users can recognize the source of the message from the first line and the second line is for the app and websites to read and go on with the verification process.

747723 is your WEBSITE authentication code.
@website.com #747723

The new SMS one-time passcode will enhance security and add an extra layer of protection for users against any potential attacks.

What are your thoughts on the subject? Share your views with us in the comments section below.

Submit