Apple wants to make the two-factor SMS authentication process more secure. The team of developers of WebKit, the engine behind the Safari browser, presented a proposal to establish an authentication standard with a simpler, more accessible format that does not need human interaction to function.
According to the proposal published on GitHub, the project has two objectives in mind: the first involves associating authentication SMS with the URL address sent by the website. The second indicates that the format of the messages must be standardized, so that a browser can identify the received SMS and extract the code, completing the operation without user intervention.
The proposed format features a line of code that can be read by users, followed by another one aimed at applications and browsers. To differentiate them, the text that needs to be read by the programs has an "@", which indicates the address, and a "#" for the authentication code.
The proposal of the developers of WebKit thus wants to eliminate the risk of users authenticating their access on malicious websites. If the system is unable to complete the verification, it will reveal the URL of the page in question. If the addresses do not match, the user will be alerted and the operation will be canceled.