Apple’s WebKit engineers are working on a new standard format for text messages that contain security codes for two-factor authentication.
The Apple proposal was published yesterday on GitHub and aims to simplify the SMS OTP mechanism that websites and online services commonly use to confirm a login as part of two-factor authentication.
Two-step solutions require a user password and another element, in this case a one-time code sent by SMS, to access a target account. Currently, it is difficult for the user's operating system to automatically extract the necessary information from an OTP SMS message, because the message can arrive in different text formats. This means that users must manually enter the code they receive by SMS.
Apple’s proposal aims to eliminate manual intervention in the SMS OTP process, where users currently have to copy and paste codes into the browser or application to authenticate. In addition, this standard format would ensure that one-time codes sent by SMS are only used on the sites they originated from.
The lightweight text format developed by Apple embeds a one-time code in an SMS and links this code to a source URL. This allows recipient systems (such as iOS) to automatically extract the code and access the associated website without user intervention.
Apple provides an example SMS:
747723 is your WEBSITE authentication code.
The first line of the message is optional human-readable text that can carry any relevant information. Special characters are then used to mark the one-time code and the associated source URL, which in this case are “747723” and “website.com”, respectively.
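The receiving side of the format described above can be sketched as follows; this is an added example, not code from Apple's proposal or from this article. It assumes the machine-readable last line has the form `@<host> #<code>` (the sample above does not show that line), and the function names, the HTTPS requirement and the exact-host comparison are assumptions of this example.

```javascript
// Added example: parse an origin-bound SMS code and release it only to the bound site.
// Assumption: the last line of the message reads "@<host> #<code>".

// Constructed sample built from the values quoted in the article.
const SAMPLE_SMS =
  "747723 is your WEBSITE authentication code.\n\n@website.com #747723";

// Exactly one "@host", one space, one "#code", nothing else on the line.
const BOUND_LINE = /^@([a-z0-9-]+(?:\.[a-z0-9-]+)+) #([A-Za-z0-9]+)$/i;

// Returns { host, code } when the last line is well formed, otherwise null.
function parseOriginBoundCode(sms) {
  const lines = sms.replace(/\r\n/g, "\n").trimEnd().split("\n");
  const match = BOUND_LINE.exec(lines[lines.length - 1]);
  if (!match) return null; // free-text SMS: nothing to extract automatically
  return { host: match[1].toLowerCase(), code: match[2] };
}

// Returns the code only if the page asking for it is the site named in the SMS.
// Assumption: strict policy (HTTPS only, exact host match, no subdomain matching).
function codeForPage(sms, pageUrl) {
  const parsed = parseOriginBoundCode(sms);
  if (!parsed) return null;
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // not a valid URL, never autofill
  }
  if (url.protocol !== "https:") return null;
  // URL.hostname is already lower-cased, so a plain comparison is enough.
  if (url.hostname !== parsed.host) return null;
  return parsed.code;
}

console.log(codeForPage(SAMPLE_SMS, "https://website.com/login"));
console.log(codeForPage(SAMPLE_SMS, "https://website.com.login.example/"));
```

The second call returns `null` because the page's host only starts with the bound domain, which is the property the article describes as codes being used only on the original site.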
Google also supports the development of this format.