Apple engineers have put forward a proposal today to standardize the format of the SMS messages containing one-time passcodes (OTP) that users receive during the two-factor authentication (2FA) login process. From a report: The proposal comes from Apple engineers working on WebKit, the core component of the Safari web browser. The proposal has two goals. The first is to introduce a way that OTP SMS messages can be associated with an URL. This is done by adding the login URL inside the SMS itself. The second goal is to standardize the format of 2FA/OTP SMS messages, so browsers and other mobile apps can easily detect the incoming SMS, recognize web domain inside the message, and then automatically extract the OTP code and complete the login operation without further user interaction. By doing this, the process of receiving and entering a one-time passcode could be automated, eliminating the risk of a user falling for a scam and entering an OTP code on a phishing site, with the wrong URL.
of this story at Slashdot.
Source:: Slashdot