Apple Engineers Propose Standardized Format for SMS One-Time Passcodes

Apple WebKit engineers have put forward a proposal to make one-time passcode SMS messages more secure by developing a standardized format for the two-step verification process, reports ZDNet.

one time passcode sms black background
Two-step verification logins require a user's password and another element that only the user would know – in this case, a one-time code sent via text message – to gain access to an online account.

As it stands, these SMS messages can arrive in a variety of formats, making it difficult or impossible for apps and websites to detect them and automatically extract their information.

Apple's proposal has two goals. The first is to introduce a way that one-time passcode SMS messages can be associated with the website, by adding the login URL inside the message itself.

The second goal is to standardize the format of the SMS messages, so that browsers and other apps can identify the incoming message, recognize the URL, and then extract the OTP code for automatic insertion into the appropriate login field on the website.

The idea behind automating OTP entry is that it eliminates the risk of users falling for a scam and entering an OTP code on a phishing site with a different URL.

Apple developers provided the following example of the new format SMS message for OTP codes:

747723 is your WEBSITE authentication code.
@website.com #747723

The first line is intended for the user, enabling them to determine the website that the SMS OTP code came from, while the second line is processed by browsers and apps so that they can automatically extract the OTP code and complete the 2FA login operation.

If auto-complete fails, users will be able to check the URL of the website that sent the text against the site they're trying to log in to.

According to the report, Google Chrome engineers are already on board with Apple's proposal, but Mozilla's Firefox team have yet to provide official feedback on the standard.

The new proposals would add another layer of security to Apple's existing security code autofill feature, introduced in iOS 12, that can detect one-time passcodes in Messages and display them conveniently above the user's keyboard.

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Be Compatible With These iPhones

Sunday December 22, 2024 8:09 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cites a source within Apple. The report said that iOS 19 will be compatible with any iPhone that is capable of running iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro ...
m3 macbook air blue

Apple Accidentally Leaked the Next MacBook Air

Sunday December 22, 2024 8:33 am PST by
Apple earlier this month released macOS 15.2, and in doing so it accidentally confirmed new MacBook Air models coming next year. Apple accidentally released macOS 15.2 restore files for unreleased "‌MacBook Air‌ (13-inch, M4, 2025)" and "‌MacBook Air‌ (15-inch, M4, 2025)" models. While it no surprise that the 13-inch and 15-inch MacBook Air models were going to be updated with the M4 ...
iPhone 17 Slim Feature Single Camera 2 Redux

Top 5 Apple Products to Look Forward to in 2025

Friday December 20, 2024 2:22 pm PST by
It's looking like 2025 is going to be an important year for Apple, with the company planning to revamp the iPhone, push further into smart home products, and improve Apple Intelligence. There are tons of new products rumored for 2025, including new iPhones, M4 Macs, a smart home command center, and much more. We've highlighted the top five Apple products that will have the biggest impact in...
Generic iOS 18 Feature Real Mock

iOS 18.2.1 Update Coming Soon for iPhone

Saturday December 21, 2024 4:45 pm PST by
Apple appears to be internally testing iOS 18.2.1 for the iPhone, based on evidence of the software update in our website's analytic logs this week. The logs have accurately revealed many iOS versions before they were released. iOS 18.2.1 should be a minor update that fixes bugs and/or addresses security vulnerabilities, but it is unclear which specific issues might be resolved. The update...
Google Nest Hub 2

New 'HomePod' With 7-Inch Display, A18 Chip, and More Reportedly Launching Next Year

Saturday December 21, 2024 2:03 pm PST by
Apple plans to release a new "HomePod" with a 7-inch LCD display, an A18 chip, and Apple Intelligence support in 2025, according to DigiTimes. Google's Nest Hub It is unclear how much the screen-equipped HomePod would cost, but Apple is seemingly aiming for a reasonable price. In a paywalled report this week, the supply chain publication said Apple has selected China-based manufacturer Tianma ...
iPhone 16 Apple Store

iPhone Sizes Change Next Year: What to Know

Monday December 23, 2024 7:40 am PST by
This year, Apple tweaked iPhone 16 Pro screen sizes to make them bigger than 2023's iPhone 15 Pro models, and next year we are also expecting a change in the size of the displays in the iPhone 17 lineup. Here's what we know. Standard iPhone 17 Apple could introduce a new display size for the standard iPhone 17 model in 2025. The iPhone 17 could measure in at 6.3 inches, up from 6.1 inches,...
iphone 16 pro design cameras

iPhone 18 Pro Rumored to Be More Like DSLR Camera With This Upgrade

Monday December 23, 2024 6:24 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are still nearly two years away from launching, a new feature has already been rumored for the devices. In a blog post today, Apple supply chain analyst Ming-Chi Kuo reiterated that the main rear camera on both iPhone 18 Pro models will offer variable aperture, which would be a first for the iPhone. The main camera refers to the 48-megapixel...
apple tv 4k yellow bg feature

New Apple TV Rumored to Launch Next Year With These Features

Tuesday December 17, 2024 9:02 am PST by
The current Apple TV 4K was released more than two years ago, so the streaming device is becoming due for a hardware upgrade soon. Fortunately, it was recently rumored that a new Apple TV will launch at some point next year. Below, we recap rumors about the next-generation Apple TV. Bloomberg's Mark Gurman last week reported that Apple has been working on its own combined Wi-Fi and...

Top Rated Comments

fjfjfjfj Avatar
64 months ago
The way iOS captures the text code and fills it automatically is so convenient. It’s one of those little features that just makes things a bit easier and I smile every time it does it.
Score: 36 Votes (Like | Disagree)
adammusic Avatar
64 months ago
now work on auto deleting those messages after 10 minutes.
They pile up.
Score: 21 Votes (Like | Disagree)
araadt Avatar
64 months ago

Way to solve the problems of 10 years ago. Apple used to be more forward looking than this.
If the problems of ten years ago aren’t solved yet that makes them the problems of today.

I could likely get my mother to use 2FA by sms but I’d never be able to convince her of carrying around an Authenticator device or using a keygen app. If we have the opportunity, shouldn’t we refine all options?
Score: 12 Votes (Like | Disagree)
oneMadRssn Avatar
64 months ago
2FA using SMS is better than nothing, but is not very secure because of how SMSs can be intercepted.

If Apple is pushing for standards, why not standardize a proper 2FA protocol (e.g., OATH) and require all smartphones to have a standard compatible authenticator app built-in?

Indeed, I bet Apple could do it by themselves if they just bundle a 2FA app into iOS using a common open protocol. It's hard to get users to downloading Authy or similar app, but if its built-in it will take off. Service providers will be incentivized to adopt that protocol so their 2FA can be native in iOS, and the Androids will copy Apple as they always do.
Score: 5 Votes (Like | Disagree)
lobbyist Avatar
64 months ago
It’s a very Apple like proposal - it just works.


The way iOS captures the text code and fills it automatically is so convenient. It’s one of those little features that just makes things a bit easier and I smile every time it does it.
Score: 5 Votes (Like | Disagree)
baryon Avatar
64 months ago
Yes please! I hate it when making a payment, your bank sends the text but you can only copy the entire message as a whole so you have to remember it. And the code expires after a few seconds.

Actually, not being able to select and copy text from messages is extremely annoying, like when someone sends you someones phone number or email address but doesn't leave a space before and after it... The bane of my existence.
Score: 4 Votes (Like | Disagree)