At the beginning of the year, it was reported that Apple's WebKit team was planning to change the format of two-factor authentication messages (2FA SMS) to make them more secure. This should now be possible in iOS 14, iPadOS 14 and macOS 11 Big Sur.
Since iOS 12, Apple has allowed codes sent via SMS to be filled in automatically on websites and in applications that require two-factor authentication. This process is now set to become even easier and, above all, more secure: so-called "domain-bound codes" are to be used. This is stated in a notice:
Many websites and apps offer additional login security in the form of SMS-delivered codes. On iPhone, Security Code AutoFill makes it easy for users to quickly insert these codes by offering them in the QuickType bar. On a Mac running macOS Big Sur, Mac Catalyst and AppKit applications can also take advantage of this feature. Additionally, starting with iOS 14 and macOS Big Sur, we're adding an additional layer of security to SMS-delivered codes by allowing you to associate codes with a specific web domain.
Apple recommends updating the standard
Apple explains that domain-bound codes allow iOS, iPadOS and macOS to suggest auto-filling the two-step authentication code only if the domain named in the message matches the website or app. According to Apple, this makes it more difficult for attackers to trick users into entering two-factor codes on phishing sites. One example states:
For example, if you receive an SMS message that ends with @example.com #123456, AutoFill will offer to fill that code when you interact with example.com, one of its subdomains, or an application associated with example.com. If you instead receive an SMS message that ends with @example.net #123456, AutoFill will not offer the code on example.com or in the application associated with example.com.
The Cupertino-based company has already published documentation on this. While the existing two-factor authentication codes will continue to work, Apple recommends that all developers update to the new standard to provide more protection.
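The matching rule from Apple's example can be modelled in a few lines. The following JavaScript is an added illustration, not Apple's implementation: the function names, the regular expression and the sample messages are assumptions constructed for this example, and the association between an app and a domain is left out.

```javascript
// Added example: a model of the domain-bound matching rule quoted above.
// All names here are hypothetical; this is not Apple's code.

// Extract "@domain #code" from the end of an SMS body, or return null
// when the message is not domain-bound (a legacy code message).
function parseDomainBoundCode(sms) {
  const m = /(?:^|\s)@([a-z0-9-]+(?:\.[a-z0-9-]+)+)\s+#([^\s#]+)$/i.exec(sms.trim());
  return m ? { domain: m[1].toLowerCase(), code: m[2] } : null;
}

// The host matches if it is the bound domain itself or one of its subdomains.
// The comparison is made on a label boundary (".example.com"), so look-alikes
// such as "notexample.com" or "example.com.evil.test" do not match.
function hostMatches(boundDomain, host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === boundDomain || h.endsWith("." + boundDomain);
}

// Returns "offer", "suppress", or "unbound" (no domain in the message,
// so the domain check described in the article does not apply).
function autoFillDecision(sms, currentHost) {
  const parsed = parseDomainBoundCode(sms);
  if (!parsed) return "unbound";
  return hostMatches(parsed.domain, currentHost) ? "offer" : "suppress";
}

// Constructed sample messages.
const boundSms = "Your Example code is 123456.\n\n@example.com #123456";
const otherSms = "Your Example code is 123456.\n\n@example.net #123456";
const legacySms = "Your Example code is 123456.";

const hosts = ["example.com", "login.example.com", "notexample.com", "example.com.evil.test"];
for (const host of hosts) {
  console.log(host, "->", autoFillDecision(boundSms, host));
}
console.log("example.com with @example.net ->", autoFillDecision(otherSms, "example.com"));
console.log("legacy message ->", autoFillDecision(legacySms, "example.com"));
```

The two look-alike hosts show why a plain substring or suffix comparison is not enough when a service checks the bound domain on its own side.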