Apple Calls for Standardized One-Time Password SMS for Two-Factor Logins

Apple wants a standard for one-time passwords (OTPs) that are sent via text messages on mobile phones for 2FA login purposes.

According to a new report from ZDNet, the proposal has two goals. The first is to introduce a new way that OTP SMS messages can be associated with a URL by adding the login URL inside the SMS itself.

The second goal is to standardize the format of these kinds of messages so browsers and other mobile apps can easily detect the incoming SMS, recognize web domain inside the message, and then automatically extract the relevant code and complete the login operation.

According to the new proposal, the new SMS format for OTP codes would look like below:

747723 is your WEBSITE authentication code. #747723

The first line in the standardized SMS format is for users to understand which service is the OTP for, while the second line in the message shows the website’s address that is requesting an authentication code and the OTP. Apps and web browsers can then extract this information to securely log into websites or apps.

“Currently, Apple (WebKit) and Google (Chromium) engineers are already on board with the proposal,” reads the report. “Mozilla (Firefox) has not provided official feedback on the standard yet.”