Google working on transferring SMS One Time Passwords from your phone to your PC

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,264
It is a very common experience to have to verify your identity on the desktop web by having to enter a passcode sent via SMS to your smartphone. Often this involved having to dig up your phone and accurately copy over the code.

With Chrome 93, Google is working on the ability for your desktop browser to automatically read the code sent to your Android phone.

Chrome 93 supports the WebOTP (Web One Time Password) interface, so if websites also use the technology, your web browser will automatically detect that your phone has received the code.

For this of course you need an Android phone, and both your handset and desktop browser must be signed into the same Google account.

You can try out the feature now with Chrome 93 beta at this demo page here.

Unfortunately, the feature is dependent on the Chromium web engine and is currently unsupported on iOS.
 
Jun 21, 2020
363
I guess another reason Google wants us to exclusively use their browser with all its privacy issues.

It has often been mentioned on the web that SMS can be intercepted compared to other 2FA methods .
Rather than inception being worrisome, on the contrary, it's worrisome about the fact that the SMS is sent in (open) plain text. Especially so, since Bluetooth and NFC can also be intercepted, while those technologies are used for wireless payment and data transfers which in my opinion is of a more sensitive (important?) nature. The difference between those two and SMS is both interception range and needing access to the Cell Tower (with climbing equipment mind you).
 
Last edited:

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
626
Rather than inception being worrisome, on the contrary, it's worrisome about the fact that the SMS is sent in (open) plain text. Especially so, since Bluetooth and NFC can also be intercepted, while those technologies are used for wireless payment and data transfers which in my opinion is of a more sensitive nature. The difference between those two and SMS is both interception range and needing access to the Cell Tower (with climbing equipment mind you).

That being said is why Signal Messenger is often mentioned for more security in regards to SMS but the caveat is that all your contacts and/or receipients must have the app installed on their phones for secure SMS to work well.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top