Apple engineers suggest a standardized format for one-time passcodes
by Evan SelleckOne-time passcodes are a quick and easy way to log in to some accounts, but some Apple engineers believe it should boast a standardized format.
ZDNet has the report, which states that some Apple engineers have put forward the proposal to build a standardized format for the two-step verification process, which they suggest would make the whole process even more secure. The proposal has two goals: the first is to make it so that the associated SMS message can be linked to the website by hiding the URL link within the message.
Meanwhile, the second part of the proposal would make it so that the standardized format of the SMS message, which will make it easily identifiable in browsers and other apps, recognize that URL, and then automatically extract that one-time passcode to be automatically inserted in the website someone’s trying to log into.
By doing this, the process of receiving and entering a one-time passcode could be automated, eliminating the risk of a user falling for a scam and entering an OTP code on a phishing site, with the wrong URL.
According to the new proposal, the new SMS format for OTP codes would look like below:
747723 is your WEBSITE authentication code.
@website.com #747723
It’s pretty straightforward: the top line is for the user, letting them know which website is requesting the one-time passcode, while the second line is for the website. And in the unlikely event that the process fails, users will be able to tap the URL link and insert the information manually.
The proposal has gone over well so far, according to the report. Google engineers are on board with the idea put forward by Apple’s engineers. However, Mozilla hasn’t said one way or another just yet.
What do you think of the idea?