Apple wants to standardize two-factor authentication messages; Google is backing it
Apple and Google want to minimize phishing scams
Engineers of Apple Webkit, a core component of the Safari browser, have suggested companies work towards a standardized format for two-factor authentication SMS messages that contain one-time passcodes to prevent users from falling victim to phishing scams.
The proposal, which is now backed by Google engineers working on Chromium, would introduce new SMS messages that are associated with specific URLs. In other words, the messages would contain the associated login URL inside.
The format of these messages would then be standardized, which would allow mobile browsers including Safari and Chrome to automatically recognize the associated URL and complete the login process without further input from the user.
By ensuring codes work only on the intended websites, the possibility that users could fall victim to scams by inputting their code on a phishing site is also minimized.