Apple's Webkit engineers have proposed a method to make two-factor authentication messages (2FA SMS) more secure by developing a standard format for the verification process.
Registrations with two-step verification require a password and another code that finally verifies the user. A popular element for this is the SMS-based solution. The code is sent via SMS text message and only allows access to the respective account after it has been entered. In their current form, such SMS messages can arrive in various formats, which is why apps or websites are often unable to automatically recognize and extract them.
More security against phishing
This is where Apple comes into play – how ZDnet reported. The Cupertino-based company has two goals. Accordingly, the SMS message should contain not only the one-time code but also the login URL for security purposes. Furthermore, such SMS messages must have a standard format so that apps and websites can recognize them and extract the code provided. This would eliminate the need for manual entry. However, the idea behind the idea is not to promote convenience but to detect fraud. Accordingly, the method could protect users from phishing sites, as these are automatically recognized during such a process.
This is what the new standard format could look like
In the course of this idea, Apple's developers have already presented an example of what such an SMS could look like in the future:
747723 is your WEBSITE authentication code.
@website.com #747723
While the first line is for the user, the second line is for browsers and applications to automatically identify themselves so that the 2FA login process can be completed. If the automatic login process fails, users can still proceed manually as they can match the website URL themselves and enter the code.
Google seems to agree
According to the ZDNet report, Google Chrome developers have already agreed with Apple's proposal. It is not yet known whether Mozilla's Firefox team also likes the idea. There is no official feedback yet. The method would create an additional layer of security for all users around the world and further strengthen Apple's autofill function in Safari (since iOS 12). So it is to be hoped that the idea behind the standard format for 2FA logins will prevail. (Photo by g0d4ather / Bigstockphoto)
