Apple Engineers Propose Standardized Format for SMS One-Time Passcodes

by

Apple WebKit engineers have put forward a proposal to make one-time passcode SMS messages more secure by developing a standardized format for the two-step verification process, reports ZDNet.

one time passcode sms black background
Two-step verification logins require a user's password and another element that only the user would know – in this case, a one-time code sent via text message – to gain access to an online account.

As it stands, these SMS messages can arrive in a variety of formats, making it difficult or impossible for apps and websites to detect them and automatically extract their information.

Apple's proposal has two goals. The first is to introduce a way that one-time passcode SMS messages can be associated with the website, by adding the login URL inside the message itself.

The second goal is to standardize the format of the SMS messages, so that browsers and other apps can identify the incoming message, recognize the URL, and then extract the OTP code for automatic insertion into the appropriate login field on the website.

The idea behind automating OTP entry is that it eliminates the risk of users falling for a scam and entering an OTP code on a phishing site with a different URL.

Apple developers provided the following example of the new format SMS message for OTP codes:

747723 is your WEBSITE authentication code.
@website.com #747723

The first line is intended for the user, enabling them to determine the website that the SMS OTP code came from, while the second line is processed by browsers and apps so that they can automatically extract the OTP code and complete the 2FA login operation.

If auto-complete fails, users will be able to check the URL of the website that sent the text against the site they're trying to log in to.

According to the report, Google Chrome engineers are already on board with Apple's proposal, but Mozilla's Firefox team have yet to provide official feedback on the standard.

The new proposals would add another layer of security to Apple's existing security code autofill feature, introduced in iOS 12, that can detect one-time passcodes in Messages and display them conveniently above the user's keyboard.

Popular Stories

iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Launching in Two Months With These 16 New Features

Tuesday July 22, 2025 5:00 pm PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max are less than two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models, as of July 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14...
Read Full Article
iPhone 17 Pro Dark Blue and Orange

When Is iPhone 17 Coming Out?

Thursday July 24, 2025 9:11 am PDT by
Apple's iPhone 17 series is expected to debut in September 2025. This release follows Apple's recent trend of introducing new iPhone models annually in the fall. To unveil the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max, Apple is expected to hold its annual iPhone announcement event during the week of September 8, 2025, with September 9 or 10 emerging as the most likely...
Read Full Article
Foldable iPhone 2023 Feature Iridescent 1

Foldable iPhone's Display Sizes Leaked

Tuesday July 22, 2025 6:00 pm PDT by
Apple's first foldable iPhone will be equipped with a 7.8-inch inner display, and a 5.5-inch outer display, according to Taiwanese research firm TrendForce. Apple supply chain analyst Ming-Chi Kuo already mentioned those same display sizes for the foldable iPhone in March, meaning there are now multiple sources backing those sizes, so long as TrendForce is not simply copying what Kuo said. ...
Read Full Article171 comments
Apple AppleCare One hero

Apple Announces 'AppleCare One' Subscription Plan for Multiple Devices

Wednesday July 23, 2025 5:06 am PDT by
Apple today announced AppleCare One, a new subscription plan for customers to cover multiple devices with a single plan. AppleCare One starts at $19.99 per month for up to three products, with the ability to add more for $5.99 per month for each additional device. The plan incudes all of the benefits that come with AppleCare+, such as unlimited repairs for accidents, priority support,...
Read Full Article407 comments
iOS 26 Feature

Everything New in iOS 26 Beta 4

Tuesday July 22, 2025 3:56 pm PDT by
Apple released the fourth beta of iOS 26 today, and the company has continued making changes to the way that Liquid Glass looks. There are also new features, including the return of Apple Intelligence Notification Summaries for news. This beta is of particular interest because it's likely the beta that public beta testers will get in the not too distant future. Liquid Glass Changes Liquid...
Read Full Article83 comments
iOS 18

Apple Shares iOS 18.6 Release Notes

Thursday July 24, 2025 6:33 am PDT by
While the focus is now on iOS 26, there is still an iOS 18.6 update incoming. As noted by Aaron Zollo, Apple on Wednesday re-labeled iOS 18.6 Beta 4 as simply iOS 18.6, meaning that it is the Release Candidate version. This change effectively confirms that the update will be released to the public next week. Alongside the new label, Apple shared release notes for iOS 18.6, which is a...
Read Full Article10 comments
iphone 16 pro models 1

18 Reasons to Wait for the iPhone 17

Tuesday July 22, 2025 8:10 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is now less than two months away, so we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you...
Read Full Article72 comments
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3: What to Expect

Thursday July 24, 2025 7:08 am PDT by
The long wait for an Apple Watch Ultra 3 is nearly over, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the Apple Watch Ultra 3:Satellite connectivity for sending and receiving text messages when Wi-Fi and cellular coverage is unavailable 5G support, up from LTE on the Apple Watch Ultra 2 Likely a wide-angle OLED display that ...
Read Full Article
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Launching in Two Months With These 16 New Features

Saturday July 26, 2025 5:50 am PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max should launch in late September, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models, as of July 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14...
Read Full Article100 comments

Top Rated Comments

fjfjfjfj Avatar
fjfjfjfj
72 months ago
The way iOS captures the text code and fills it automatically is so convenient. It’s one of those little features that just makes things a bit easier and I smile every time it does it.
Score: 36 Votes (Like | Disagree)
adammusic Avatar
adammusic
72 months ago
now work on auto deleting those messages after 10 minutes.
They pile up.
Score: 21 Votes (Like | Disagree)
araadt Avatar
araadt
72 months ago

Way to solve the problems of 10 years ago. Apple used to be more forward looking than this.
If the problems of ten years ago aren’t solved yet that makes them the problems of today.

I could likely get my mother to use 2FA by sms but I’d never be able to convince her of carrying around an Authenticator device or using a keygen app. If we have the opportunity, shouldn’t we refine all options?
Score: 12 Votes (Like | Disagree)
oneMadRssn Avatar
oneMadRssn
72 months ago
2FA using SMS is better than nothing, but is not very secure because of how SMSs can be intercepted.

If Apple is pushing for standards, why not standardize a proper 2FA protocol (e.g., OATH) and require all smartphones to have a standard compatible authenticator app built-in?

Indeed, I bet Apple could do it by themselves if they just bundle a 2FA app into iOS using a common open protocol. It's hard to get users to downloading Authy or similar app, but if its built-in it will take off. Service providers will be incentivized to adopt that protocol so their 2FA can be native in iOS, and the Androids will copy Apple as they always do.
Score: 5 Votes (Like | Disagree)
lobbyist Avatar
lobbyist
72 months ago
It’s a very Apple like proposal - it just works.


The way iOS captures the text code and fills it automatically is so convenient. It’s one of those little features that just makes things a bit easier and I smile every time it does it.
Score: 5 Votes (Like | Disagree)
baryon Avatar
baryon
72 months ago
Yes please! I hate it when making a payment, your bank sends the text but you can only copy the entire message as a whole so you have to remember it. And the code expires after a few seconds.

Actually, not being able to select and copy text from messages is extremely annoying, like when someone sends you someones phone number or email address but doesn't leave a space before and after it... The bane of my existence.
Score: 4 Votes (Like | Disagree)
Read All Comments