Apple, Google Partner To Develop Standardized Format For One-Time SMS Code

With the aid of Google engineers, Apple is working to establish a standardized format for one-time SMS authentication code. This proposal received the official status for a specification of the WICG (Web Platform Incubator Community Group) this month.

On April 2, an preliminary report on Apple's "Origin-bound one-time codes delivered via SMS" project was published by WICG, was co-edited by Theresa O'Connor of Apple and Sam Goto of Google.

The initiative was initially proposed by the developers behind Apple WebKit and funded by Google. The aim of the initiative is to simplify the OTP SMS mechanism widely used by websites, companies and other entities to validate login credentials as part of a two-step verification method.

Nowadays, websites use one-time codes for authentication. Amongst them, SMS is a common method for distributing these codes to users, but it can be risky to use SMS to deliver one-time codes. There is therefore a vital must seek to reduce some of the risks associated with the distribution of one-time SMS codes.

Using a "lightweight text format," the recommended format embeds an actionable one-time code into the SMS and links the code to the source URL. The recipient system will extract the code and log in to the appropriate website automatically. Apple hopes to promote this status quo for a higher security.

An example of OTP SMS:
747723 is your ExampleCo authentication code. #747723
So far, Safari and Chrome shows Positive for stakeholder feedback, while Firefox still having mixed signals.

Post a Comment

Previous Post Next Post