Apple engineers working on WebKit (its key component browser Safari) proposed to standardize the format of SMS messages containing one-time passwords (OTPs) received by users when associated with 2-step verification (2FA).
Apple with this proposal initially seeks to introduce one method by which SMS messages containing one-time codes can be associated with one address URL This can be achieved with add a URL within the SMS itself. At the same time, Apple seeks to standardize the format of SMS messages that will contain OTPs and enable 2-step verification (2FA). This way browsers and other mobile apps can easily detect incoming SMS, recognize it web inside the message and then automatically export the OTP code and complete it connection without the user having to do something else. So h λήψη and a one-time password can be entered automatically so that the chances of a user falling victim are reduced fraud or even insert an OTP code into a site Phishing with the wrong address URL.
According to the new proposal, the new format of SMS containing OTP codes will be as follows:
747723 is the WEBSITE verification code. @ website.com # 747723
The first line is aimed at users, allowing them to identify from which site the OTP code contained within an SMS originates. The second line is intended for both users and users applications and browsers. Applications and browsers will automatically extract the OTP code and complete the 2-step verification connection (2FA).
However, if it does not match and the autofill feature fails, users will be able to see the actual URL of the site and compare it to the site they are trying to link to. If both data are not the same, then users will be notified that they have moved to a phishing site and are logged out.
Currently, Apple (WebKit) and its engineers Google (Chromium) are already included in the proposal. THE Mozilla (Firefox) has not yet announced anything about the proposal, while Twilio has already expressed interest in implementing the proposal.