Apple two-factor authentication feature now blocks SMS autofill for phishing attacks


Level 37
Thread author
Top poster
Nov 10, 2017
Apple’s two-factor authentication autofill feature makes it painless to enter verification codes sent via SMS, but phishing attackers are getting savvy to this.

When they trick people into clicking on a fake link to a site that prompts for an SMS code, they do the same, so it looks legit when autofill offers to paste it in for you …
But Apple is now guarding against this by asking companies to send SMS codes in a new, more secure format.

With this format, your devices will only offer to autofill a verification code if the domains match. For example, if the site claims to be but the phishing link is to, then you won’t be offered the autofill option.

The new format, which you may have started to see from late last year, looks like this: