One-time passwords are becoming more and more common in our lives to improve security when logging into different services. But this process although it is focused on improving our security, it can also become insecure and Apple wants to improve this system.
Apple wants to improve the two-factor system
According to the ZDNet media, Cupertino’s company is preparing a proposal to improve this two-factor authentication system. Right now when we log in to a website, we are asked to enter a verification code that comes to us via SMS. Apple is now proposing that this code can be associated with a URL that is sent in the SMS itself.
In addition to this idea, they also propose to complete the integration of this verification system with browsers. Let’s not fool ourselves, the two-factor security system can be a bit tedious. Having to look at your mobile phone to enter a code that is sent by SMS is not the most comfortable thing there is and this is what Apple wants to work on.
The company’s engineers propose that browsers should be able to automatically extract the OTP code in order to complete the login without the user intervening more than necessary. This would certainly be great news but it requires that browsers and applications can detect one-time passwords and the domain. In iOS we already have the possibility to enter the authentication code automatically in some services, since the device detects the code that has come to us in the last SMS.
Obviously these proposals must have the backing of the major web browsers. At the moment both Google and Apple have shown a positive attitude towards this proposal, which undoubtedly ends up making us quite happy. The only one that hasn’t shown its support, for the moment, is Mozilla but we hope that in the end the pressure of the other browsers will end up making a dent.
This Apple system will improve user security
Apple’s WebKit engineers are already preparing what the corresponding message to users should look like . This would contain a first line dedicated to informing the user where the message comes from and the second line is for the website to complete verification.
What this system will do is help users to avoid receiving pishing attacks. ZDNet explains it in the following way:
We think it might be a very good idea to use this system proposed by Apple’s engineers. A new security layer is added to prevent pishing attacks that are certainly the order of the day.
And you, what do you think of this new idea that Apple has had?