{"id":108348,"date":"2020-01-31T02:43:39","date_gmt":"2020-01-31T02:43:39","guid":{"rendered":"https:\/\/appleinsider.com\/articles\/20\/01\/30\/apple-proposes-standardized-format-for-sms-one-time-passcodes"},"modified":"2020-01-31T02:43:39","modified_gmt":"2020-01-31T02:43:39","slug":"apple-seeks-to-simplify-two-step-verifications-with-standard-sms-format","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2020\/01\/31\/apple-seeks-to-simplify-two-step-verifications-with-standard-sms-format\/","title":{"rendered":"Apple seeks to simplify two-step verifications with standard SMS format"},"content":{"rendered":"

 <\/span> <\/p>\n

By AppleInsider Staff <\/a>
Thursday, January 30, 2020, 06:43 pm PT (09:43 pm ET)<\/span> <\/p>\n

Apple’s WebKit engineers are working on a standardized format for SMS messages containing one-time passcodes, an initiative that could one day better protect users by streamlining two-step authentication logins.
<\/span><\/p>\n

\n
\"Two-step\"<\/div>\n

Apple previously relied on two-step verification for Apple ID.<\/span><\/div>\n

Posted to GitHub on Thursday, the proposal from Apple seeks to simplify<\/a> the OTP SMS mechanism commonly used by websites, businesses and other entities to confirm login credentials as part of two-step authentication systems, reports ZDNet<\/em>.<\/p>\n

Two-step solutions require a user’s password and another element, in this case a one-time code sent over SMS, to gain access to a target account. Currently, it is difficult to impossible for software to automatically extract the necessary information from an OTP SMS message, as they can arrive in a range of text formats. This means users must manually enter the provided code into an input box. <\/p>\n

Apple’s proposal<\/a> seeks to eliminate user intervention in the OTP SMS process, namely copy-and-pasting one-time codes from messages into a browser. It also states that a more refined solution would ensure that one-time codes sent over SMS are used only on originating sites. <\/p>\n

Using a “lightweight text format,” the proposed format embeds an actionable one-time code in an SMS message and links that code to a particular originating URL. Doing so allows recipient systems to automatically extract the code and log in to an associated website. <\/p>\n

Apple provides an example SMS:<\/p>\n

747723 is your [website] authentication code.
@website.com #747723<\/p><\/blockquote>\n

The first line in the message above is optional human-readable text to explain the incoming message, while the second line contains information for programmatic use. Special characters are employed to denote the one-time code and originating URL, which in this case is “747723” and “website.com,” respectively. <\/p>\n

Apple and Google have signed on to the proposal, while Mozilla has not made an official statement on the standard, the report said. <\/p>\n

For its part, Apple has moved its products from two-step verification to more secure two-factor authentication methods that rely on passcodes sent to pre-enrolled trusted devices. <\/p>\n

<\/span> <\/p>\n","protected":false},"excerpt":{"rendered":"

  By AppleInsider Staff Thursday, January 30, 2020, 06:43 pm PT (09:43 pm ET) Apple’s WebKit engineers are working on a standardized format for SMS messages containing one-time passcodes, an initiative that could one day better protect users by streamlining two-step authentication logins. Apple previously relied on two-step verification for Apple ID. Posted to GitHub […]<\/p>\n","protected":false},"author":2,"featured_media":108349,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[],"class_list":["post-108348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apple-insider"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/108348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=108348"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/108348\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/108349"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=108348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=108348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=108348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}