Apple is urging companies to send two-factor messages in a new, more secure format in a bid to curb phishing attacks, as first reported by 9to5mac.
With Apple’s code AutoFill feature, a two-factor authentication code that a website or an app sends via message appears automatically as an AutoFill suggestion, something that scammers have reportedly started taking advantage of.
According to 9to5mac, when scammers trick people into clicking on fraudulent links, they take the login credentials and use them on the actual website, which sends a two-factor code to the user. Seeing the code displayed in the AutoFill suggestion gives the user a psychological feeling that the code is legitimate. This is where a new and more secure format for sending codes comes in.
With the new format, your iPhone will only offer AutoFill suggestions if the domain in the message and the domain of the website you’re on match. For example, let’s say you’re trying to log into a website that claims to be Twitter.com but is in reality a phishing link that reads Twitter.login.info.com. In that case, your device won’t offer you an AutoFill suggestion.
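The domain check described above, sketched as an added example (this is not Apple's code and not from the original article). It assumes the bound line has the form `@<domain> #<code>` as the last line of the message and that a page matches when its host is the bound domain or a subdomain of it; the function names and the sample message are constructed for illustration.

```javascript
// Added example. Assumed message format (not shown on the page): the last
// line binds the code to a domain, "@<domain> #<code>".
const BOUND_LINE = /^@([a-z0-9.-]+) #([a-z0-9]+)$/i;

// Return { domain, code } from the final line of an SMS, or null if the
// message carries no domain binding.
function parseBoundCode(sms) {
  const lines = sms.trim().split(/\r?\n/);
  const m = BOUND_LINE.exec(lines[lines.length - 1].trim());
  return m ? { domain: m[1].toLowerCase(), code: m[2] } : null;
}

// Assumed matching rule: the page host is the bound domain or a subdomain.
// Comparing on label boundaries matters: "twitter.login.info.com" starts
// with "twitter" but is a host under info.com, not twitter.com.
function hostMatches(pageHost, boundDomain) {
  const host = pageHost.toLowerCase().replace(/\.$/, "");
  return host === boundDomain || host.endsWith("." + boundDomain);
}

// Decide whether to suggest the code for the page the user is on.
// This sketch only handles the bound format; unbound messages get null.
function autofillSuggestion(sms, pageUrl) {
  const bound = parseBoundCode(sms);
  if (!bound) return null;
  const host = new URL(pageUrl).hostname;
  return hostMatches(host, bound.domain) ? bound.code : null;
}

// Constructed sample message, not taken from any real service.
const SAMPLE_SMS = "Your login code is 123456.\n\n@twitter.com #123456";

// Evaluate the sample message against legitimate and look-alike hosts.
function demo() {
  return [
    "https://twitter.com/login",
    "https://mobile.twitter.com/login",
    "https://twitter.login.info.com/",
    "https://twitter.com.login.example/",
  ].map((u) => [u, autofillSuggestion(SAMPLE_SMS, u)]);
}

console.log(demo());
```

Only the first two URLs receive the code; both look-alike hosts get no suggestion because neither is `twitter.com` nor a subdomain of it.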
The new format, in comparison to the old one, looks something like this:
While this isn’t a foolproof method to deter scammers and phishing attacks, as it relies on the user noticing that the authentication code isn’t auto-filling like it usually would on legitimate websites, it is still a good step forward. However, dedicated authentication apps like Google Authenticator, Microsoft Authenticator and Authy should serve you better.