Apple and Google want to a common standard for the SMS OTP used for the 2FA @BitFeedCo.

Let’s talk about 2FA (two factor authentication), and after seeing the press release of the launch of the open source platform developed by Google called OpenSK, we remain in a topic by providing that Apple has proposed, and Google has now joined, a standard for the composition of the SMS containing the OTP (One Time Password).

The engineers of Apple’s Webkit, a key component of the Safari browser, have suggested to the companies to work towards a standardized format for the SMS messages for two-factor authentication that contain codes OTP to prevent users falling victim to phishing scams.

The proposal, which is now supported by the engineers at Google who work on Chromium, would introduce new SMS messages are associated with specific URLS. In other words, the messages contain the URL of access associated with on the inside.

The format of these messages would then be standardized, which would allow the mobile browsers, including Safari and Chrome, to automatically recognize the associated URL and complete the logon process without further input from the user.

Ensuring that the codes only work on the websites provided, is minimized also the possibility that users may fall victims of scams by entering their code on a phishing site.

The format of the message standard proposed by Apple is the following:

747723 is your WEBSITE authentication code.
@website.com #747723

Surface to say, however, that the use of an OTP sent via SMS to the second factor of authentication is not recommended by many experts, in view of the nature weak and non-encrypted SMS messages. Instead, it is suggested to use an app designed specifically for this task (for example, Google Authenticator, Microsoft Authenticator or Authy) or, even better, the use of a physical key authentication is compatible with the standard FIDO2.

VIA VIA

Apple and Google want to a common standard for the SMS OTP used for the 2FA @BitFeedCo.