Apple’s SMS OTP Standard Proposal Gets Google’s Backing

SMS One Time Password Standard

We depend on one-time passwords (OTP) a lot for logging into online banking accounts, social media, and other internet-based services. And it’s tough to switch to the messaging app to read the SMS and switch back to the app and enter the OTP to log in. However, Apple is proposing a standard SMS OTP format, which would make things easier.

Apple engineers are proposing to standardize all SMS OTP messages, and they’re getting the much-needed help and push from Google. The Cupertino-based firm first proposed the standard in January, and it has now reached the status of specifications draft with the Web Platform Incubator Community Group (WICG).

The standard proposed by the iPhone maker is made by engineers working on the Safari Webkit project. The newly introduced SMS OTP format fixes some of the issues that exist in the current version. Right now, all companies use different formats unique to their own services, which Apple aims to fix.

Apple is proposing every SMS OTP message to include the OTP, the name of the website, and the URL of the service/website. The first line is intended for humans, and it determines where the OTP for 2FA (two-factor authentication) came from. The second line is designed for web browsers and mobile apps so that they can automatically fetch the information. Here’s the proposed format:

123456 is your WEBSITE authentication code. #123456

Engineers and experts believe that a standardized format will reduce some of the risks associated with SMS OTPs during 2FA. It can’t solve all the security risks, including the SMS hijacking and SIM swap, but it will at least make some progress. Mozilla hasn’t shown any interest in the new proposal, but Apple’s new format has received an overwhelming response from other brands, including Google.

[Source: Twitter]