Apple Introduces A New Way To Make SMS Passcodes More Secure In iOS 14

You may call that iPhone users become blind to other options when they see the charm of the Apple logo on the back of their phones but the truth in the matter is that Apple lately has started to offer some great security and privacy options that people seem to be enjoying a lot.

The major trend of providing users a safe environment started back in iOS 13 when people became more concerned about the privacy breach issues every tech company had to face. Apple turned out to be one of the few that lead the campaign in taking care of customer’s privacy and with every update, they introduce more useful features. However, with iOS 14 coming out this fall, users can now expect something every bigger than before.

In a developer's blog post, Apple has stated that they will now make SMS as one time codes (pretty much like domain bound codes) which can be used for two-factor authentication and eventually extra security. The move was proposed earlier this year by Apple's WebKit team but its implementation will begin with iOS 14.

How Do Domain Bound Codes Work?

You may have seen passcodes arriving via SMS on your phones for two-factor authentication. iPhones make things even more easy with the help of Security Code AutoFill which makes the codes appear in the QuickType bar on its own. Now with iOS 14 and macOS Big Sur, Apple is adding an extra layer of security by letting users associate codes to a particular web domain.

In the blog post related to the update, Apple has further explained that the Autofill will suggest the code “if—and only if—the domain is a match for the website or one of [the] app’s associated domains.”

If you are wondering how that would look in the example then Apple showed that if you receive an SMS message which comes to an end with @example.com #121314, AutoFill will only work to fill that code for you when you interact with example.com, any of its subdomains, or some app that is connected with the domain.

On the other hand, if the SMS message ends with @example.org #121314, AutoFill will not offer the code on example.com and its associations.

Doing so will improve the security to a level that it will become hard for an attacker to trick anyone into entering one-time codes into a phishing site.

Unfortunately, SMS Codes Are Not Ideal For 2FA

While it is definitely a good move by Apple, cybersecurity experts still don't trust the two-factor authentication as they think that SIM swapping or physical access to the phone can help the attackers to beat this level of security and then users' accounts would be compromised.

A good alternative can be a free authenticator app in which users can buy the security key when they feel like it? For now, you can also use Yubico YubiKey for security keys or authenticator apps like Autho to make your iPhones more secure.



Read next: Your iPhones Might Become Payment Terminals Soon
Previous Post Next Post