Apple prepares developers for new authentication SMS |Macgeneration

From iOS 14 and macOS BIG SUR, Apple will use a new system to manage the authentication codes received by SMS, when you have to validate your identity on a website or in a app.

This is the realization of an Apple initiative, detailed last January, and that any operating systems publisher can take over (read Apple offers to standardize SMS with authentication code).

Today, Apple explains to developers how to format the text of the authentication SMS they send to their users, in a way that can guarantee their origin.

This insurance, for the user, goes through the presence in the SMS of a domain name identical to that of the website on which you identify (or, if it is an app, it mustalso be linked to this field).

These messages will have a standard form.They will start with an explanation text whose content is left to the good care of the transmitter, followed by a line with precise syntax: a domain name preceded by an arobase then the 6 -digit authentication code.It is this code which is then displayed in the entry interface and which can be entered from a TAP, without having to type it on the keyboard or copy and paste.

The difference, with the current method which is already based on this principle of automatic filling, is that the code will only be offered to the user if there is a correspondence between the domain name of the site you visit and thatIncluded in the SMS received.Otherwise, Safari or the app will refrain from activating automatic filling.

This method does not replace the previous one, we can always receive identification SMS without any particular formatting and the automatic filling function will always take them into account, but Apple enjoins to adopt this new device.

This security reinforcement when using these SMS should also be used by Google for Chrome, perhaps waiting for other browser editors.Apple submitted this mechanism to W3C for standardization.