Rechercher dans ce blog

Tuesday, August 4, 2020

iOS 14 adds domain-bound codes to make SMS one-time passcodes more secure - 9to5Mac

ios.indah.link

Earlier this year, Apple’s WebKit team proposed a change to the format of SMS one-time passcodes to make two-factor authentication more secure. Apple confirmed today that developers can already implement these changes with iOS 14 and macOS Big Sur.

With iOS 12, Apple has allowed websites and apps that require two-factor authentication to auto-fill codes sent via SMS. And now, the company is making this process even easier and secure by implementing something they call “domain-bound code.”

Additionally, starting with iOS 14 and macOS Big Sur, we’re adding an extra layer of security to SMS-delivered codes by allowing you to associate codes with a specific web domain.

Apple explains that domain-bound code allows iOS and macOS to suggest auto-filling the two-step authentication code only if the domain is a match for the website or one of your app’s associated domains.

Let’s say you get a code associated with the “twitter.com” domain. With iOS 14 and macOS Big Sur, this code can only be accessed by the official Twitter app or website. According to Apple, this change makes it harder for hackers to trick users with malicious websites asking for two-factor authentication codes.

For example, if you receive an SMS message that ends with @example.com #123456, AutoFill will offer to fill that code when they interact with example.com, any of its subdomains, or an app associated with example.com. If instead you receive an SMS message that ends with @example.net #123456, AutoFill will not offer the code on example.com or in example.com’s associated app.

Apple has shared an article with the documentation developers need to implement SMS domain-bound codes in apps and websites. While regular two-factor authentication codes will continue to work, the company recommends that developers update the codes to the new standard.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

The Link Lonk


August 05, 2020 at 04:13AM
https://ift.tt/2XnoqIn

iOS 14 adds domain-bound codes to make SMS one-time passcodes more secure - 9to5Mac

https://ift.tt/2ZaIe2Q
iOS

No comments:

Post a Comment

Featured Post

Microsoft’s xCloud game streaming is now widely available on iOS and PC - The Verge

ios.indah.link Microsoft’s xCloud, the cloud game streaming component of Xbox Game Pass Ultimate that doesn’t require a console to use, is ...

Popular Posts