Apple Engineers Propose Standardized Format for SMS One-Time Passcodes

Apple WebKit engineers have put forward a proposal to make one-time passcode SMS messages more secure by developing a standardized format for the two-step verification process, reports ZDNet.

Two-step verification logins require a user's password and another element that only the user would know – in this case, a one-time code sent via text message – to gain access to an online account.

As it stands, these SMS messages can arrive in a variety of formats, making it difficult or impossible for apps and websites to detect them and automatically extract their information.

Apple's proposal has two goals. The first is to associate one-time passcode SMS messages with the website they belong to, by adding the login URL inside the message itself.

The second goal is to standardize the format of the SMS messages, so that browsers and other apps can identify the incoming message, recognize the URL, and then extract the OTP code for automatic insertion into the appropriate login field on the website.

The idea behind automating OTP entry is that it eliminates the risk of users falling for a scam and entering an OTP code on a phishing site with a different URL.

Apple developers provided the following example of the new format SMS message for OTP codes:

747723 is your WEBSITE authentication code.
@website.com #747723

The first line is intended for the user, enabling them to determine the website that the SMS OTP code came from, while the second line is processed by browsers and apps so that they can automatically extract the OTP code and complete the 2FA login operation.

If auto-complete fails, users will be able to check the URL of the website that sent the text against the site they're trying to log in to.
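The sketch below shows how a browser or app could consume the sample message above. It is an added example, not code from Apple's proposal or from the article; the function names, the regular expression and the exact-host matching rule are assumptions drawn only from the sample message shown.

```javascript
// Added example: parse the machine-readable last line of an OTP SMS in the
// format shown above ("@website.com #747723") and release the code only to a
// page on the matching host. Names and the matching rule are assumptions.

// Last line must be: "@" + host, a single space, "#" + code.
const OTP_LINE = /^@([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?) #([A-Za-z0-9]+)$/i;

// Returns { host, code } or null when the message is not in the format.
function parseOtpSms(body) {
  const lines = body
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line !== "");
  if (lines.length === 0) return null;
  // Only the final line is machine-readable; earlier lines are for the user.
  const match = OTP_LINE.exec(lines[lines.length - 1]);
  if (!match) return null;
  return { host: match[1].toLowerCase(), code: match[2] };
}

// Returns the code only if the page asking for it is on the host named in
// the SMS. Returning null means "do not autofill": the user falls back to
// comparing the domain in the message with the site by hand.
function codeForPage(body, pageUrl) {
  const parsed = parseOtpSms(body);
  if (!parsed) return null;
  let pageHost;
  try {
    pageHost = new URL(pageUrl).hostname.toLowerCase();
  } catch {
    return null; // unparseable page URL: never autofill
  }
  // Assumption: exact host equality. A lookalike host that merely contains
  // the expected name does not match.
  return pageHost === parsed.host ? parsed.code : null;
}

// Constructed sample input, copied from the message format in the article.
const SAMPLE_SMS =
  "747723 is your WEBSITE authentication code.\n@website.com #747723";
```
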

According to the report, Google Chrome engineers are already on board with Apple's proposal, but Mozilla's Firefox team have yet to provide official feedback on the standard.

The new proposals would add another layer of security to Apple's existing security code autofill feature, introduced in iOS 12, that can detect one-time passcodes in Messages and display them conveniently above the user's keyboard.

Top Rated Comments

fjfjfjfj
13 months ago
The way iOS captures the text code and fills it automatically is so convenient. It’s one of those little features that just makes things a bit easier and I smile every time it does it.
Score: 36 Votes
adammusic
13 months ago
now work on auto deleting those messages after 10 minutes.
They pile up.
Score: 21 Votes
araadt
13 months ago


Way to solve the problems of 10 years ago. Apple used to be more forward looking than this.

If the problems of ten years ago aren’t solved yet that makes them the problems of today.

I could likely get my mother to use 2FA by sms but I’d never be able to convince her of carrying around an Authenticator device or using a keygen app. If we have the opportunity, shouldn’t we refine all options?
Score: 12 Votes
oneMadRssn
13 months ago
2FA using SMS is better than nothing, but is not very secure because of how SMSs can be intercepted.

If Apple is pushing for standards, why not standardize a proper 2FA protocol (e.g., OATH) and require all smartphones to have a standard compatible authenticator app built-in?

Indeed, I bet Apple could do it by themselves if they just bundle a 2FA app into iOS using a common open protocol. It's hard to get users to download Authy or a similar app, but if it's built-in it will take off. Service providers will be incentivized to adopt that protocol so their 2FA can be native in iOS, and the Androids will copy Apple as they always do.
Score: 5 Votes
lobbyist
13 months ago
It’s a very Apple like proposal - it just works.


The way iOS captures the text code and fills it automatically is so convenient. It’s one of those little features that just makes things a bit easier and I smile every time it does it.

Score: 5 Votes
baryon
13 months ago
Yes please! I hate it when making a payment, your bank sends the text but you can only copy the entire message as a whole so you have to remember it. And the code expires after a few seconds.

Actually, not being able to select and copy text from messages is extremely annoying, like when someone sends you someone's phone number or email address but doesn't leave a space before and after it... The bane of my existence.
Score: 4 Votes
