Apple and Google's proposal for a more secure two-factor authentication moves forward

A lot of companies have been using two-factor authentication for a long time already. Big companies such as Google and Microsoft, as well as other websites and services enable users to authenticate with a SMS code, besides their password, to further prove the legitimacy of their identity.

However, this functionality can sometimes be used by malicious users and they can trick people to provide passwords and codes to unauthorized websites. Back in January, Apple engineers proposed an idea how to try to make the two-factor authentication system more secure. The proposal draft was co-edited by Theresa O'Connor from Apple and Sam Goto from Google.

Now, AppleInsider reports that the proposal has gained an official status by the Web Platform Incubator Community Group (WICG) which is a popular venue for proposing and discussing future website features. The proposed feature is said to link the specific website or platform with the SMS, containing the code, so the website or app is able to pull the code directly from the SMS without the user’s need to manually type it in.

With this, the possibility for SMS phishing that tricks users to provide the code to malicious websites is reduced. However, it does not solve all problems as it cannot prevent the risk of the SMS itself being hijacked.

The publication as a WICG specification, however, does not assure that Apple’s proposal will be deployed, but it means that the proposal is making its way thought and can potentially be used by websites and entities in the future.