Apple wants to standardize two-factor authentication messages; Google is backing it
Apple typically keeps collaborations with rivals to a minimum. But today some of the company’s engineers have proposed an idea that could improve security and prevent phishing scams, and Google is on board.
Engineers of Apple Webkit, a core component of the Safari browser, have suggested companies work towards a standardized format for two-factor authentication SMS messages that contain one-time passcodes to prevent users from falling victim to phishing scams.
The proposal, which is now backed by Google engineers working on Chromium, would introduce new SMS messages that are associated with specific URLs. In other words, the messages would contain the associated login URL inside.
The format of these messages would then be standardized, which would allow mobile browsers including Safari and Chrome to automatically recognize the associated URL and complete the login process without further input from the user.
Apple and Google want to minimize phishing scams
Engineers of Apple Webkit, a core component of the Safari browser, have suggested companies work towards a standardized format for two-factor authentication SMS messages that contain one-time passcodes to prevent users from falling victim to phishing scams.
The format of these messages would then be standardized, which would allow mobile browsers including Safari and Chrome to automatically recognize the associated URL and complete the login process without further input from the user.
By ensuring codes work only on the intended websites, the possibility that users could fall victim to scams by inputting their code on a phishing site is also minimized.
The new message format is represented below. The top line is designed for human users, whereas the bottom is intended for compatible browsers.
747723 is your WEBSITE authentication code.
Things that are NOT allowed: