iOS 14 adds domain-bound codes to make SMS one-time passcodes more secure

CyberTech

Earlier this year, Apple’s WebKit team proposed a change to the format of SMS one-time passcodes to make two-factor authentication more secure. Apple confirmed today that developers can already implement these changes with iOS 14 and macOS Big Sur.

Since iOS 12, Apple has allowed websites and apps that require two-factor authentication to auto-fill codes sent via SMS. And now, the company is making this process even easier and more secure by implementing something they call “domain-bound code.”
“Additionally, starting with iOS 14 and macOS Big Sur, we’re adding an extra layer of security to SMS-delivered codes by allowing you to associate codes with a specific web domain.”
Apple explains that domain-bound code allows iOS and macOS to suggest auto-filling the two-step authentication code only if the domain is a match for the website or one of your app’s associated domains.

Let’s say you get a code associated with the “twitter.com” domain. With iOS 14 and macOS Big Sur, this code can only be accessed by the official Twitter app or website. According to Apple, this change makes it harder for hackers to trick users with malicious websites asking for two-factor authentication codes.

For example, if you receive an SMS message that ends with @example.com #123456, AutoFill will offer to fill that code when you interact with example.com, any of its subdomains, or an app associated with example.com. If instead you receive an SMS message that ends with @example.net #123456, AutoFill will not offer the code on example.com or in example.com’s associated app.
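
The matching rule described in the post, as an added example that is not part of the original post and not Apple's code: it parses a message ending in `@domain #code` and offers the code only on that domain or one of its subdomains. Function names and sample messages are constructed for illustration, and app-associated domains are not modelled.

```javascript
// Added example: parse a domain-bound SMS code and decide whether to offer it.
// Only bound codes are handled; messages without a binding yield null here.

// Matches a message that ends with "@<domain> #<code>", the form quoted in the post.
const BOUND_CODE = /@([a-z0-9.-]+)\s+#([A-Za-z0-9]+)\s*$/i;

function parseBoundCode(sms) {
  const m = BOUND_CODE.exec(sms);
  if (!m) return null; // no domain binding at the end of the message
  return { domain: m[1].toLowerCase(), code: m[2] };
}

// True when host is the bound domain itself or one of its subdomains.
// Requiring the leading "." enforces a label boundary, so a look-alike
// such as "notexample.com" does not match "example.com".
function hostMatches(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === domain || h.endsWith("." + domain);
}

// Returns the code to offer on the site being filled, or null to withhold it.
function codeToOffer(sms, currentHost) {
  const bound = parseBoundCode(sms);
  if (!bound) return null;
  return hostMatches(currentHost, bound.domain) ? bound.code : null;
}

// Constructed sample messages.
const smsCom = "Your Example code is 123456.\n\n@example.com #123456";
const smsNet = "Your Example code is 123456.\n\n@example.net #123456";

console.log(codeToOffer(smsCom, "example.com"));       // bound domain itself
console.log(codeToOffer(smsCom, "login.example.com")); // subdomain
console.log(codeToOffer(smsNet, "example.com"));       // bound to another domain
console.log(codeToOffer(smsCom, "notexample.com"));    // look-alike host
```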

 
