Apple wants to standardize two-factor authentication messages; Google is backing it

Apple wants to standardize two-factor authentication messages; Google is backing it
Apple typically keeps collaborations with rivals to a minimum. But today some of the company’s engineers have proposed an idea that could improve security and prevent phishing scams, and Google is on board.

Apple and Google want to minimize phishing scams

Engineers of Apple Webkit, a core component of the Safari browser, have suggested companies work towards a standardized format for two-factor authentication SMS messages that contain one-time passcodes to prevent users from falling victim to phishing scams.

The proposal, which is now backed by Google engineers working on Chromium, would introduce new SMS messages that are associated with specific URLs. In other words, the messages would contain the associated login URL inside. 

The format of these messages would then be standardized, which would allow mobile browsers including Safari and Chrome to automatically recognize the associated URL and complete the login process without further input from the user.

By ensuring codes work only on the intended websites, the possibility that users could fall victim to scams by inputting their code on a phishing site is also minimized.

The new message format is represented below. The top line is designed for human users, whereas the bottom is intended for compatible browsers.

747723 is your WEBSITE authentication code. #747723


Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless