We are reader supported. External links may earn us a commission.


Apple Messages is now better at blocking phishy 2FA SMS codes

By Sanuj Bhatia February 1, 2022, 5:00 am
Apple iPhone 12 review

One of Apple's under-appreciated features is the autofill codes iOS scans. Whenever a one-time passcode (OTP) or a code arrives in your SMS inbox, iOS automatically scans the message for OTP and presents a button for filling it with one tap. However, the functionality was being targeted by phishing hackers and cybercriminals.

According to a report from Macworld, Apple's 2FA autofill no longer works when it detects a potential phishing attack. The feature was introduced with iOS 15, iPadOS 15, and macOS 12 Monterey. Apple is now asking companies to send SMS codes in a new secure format. As per the new format, messages should read something as "Your Apple ID Code is: 123456. Don’t share it with anyone. @apple.com #123456 %apple.com" instead of "Your Apple ID Code is 123456. Don’t share it with anyone."

ios autofill sms 2fa Source: Twitter

The new format will only offer autofill verification codes when the domain matches. For example, if you sign in on a website that claims to be apple.com but the link is to apple.securelogin.com, which may be phishing, iOS won't offer you the 2FA autofill code. According to Macworld, the format should be:

  • A standard human-readable message, including the code, followed by a new line.
  • The scoped domain as @domain.tld.
  • The code repeated again as #123456.
  • If the site uses an embedded HTML element, called an iframe, the source of the iframe is listed after %, such as %ecommerce.example. (The original spec specifies @; Apple appears to be using % for its texts.)

While the new format isn't full-proof, it will still deter some of the phishing attempts. It's worth noting that the autofill codes now work only when the website sends SMS in the new format and none other. If you don't like SMS 2FA, you can opt for Apple's in-built authentication tool. You can access the tool by going to Settings → Passwords → select the website for which you want to enable 2FA → Set Up Verification Code.

Source: Macworld | Via: 9to5Mac


Latest Articles


Here's how the Apple iPod changed the world in 21 years

iPod was an industry-changing device at its time, and it had a massive impact on modern smartphones, and the way we listen to music. We take a last look at the now-discontinued Apple iPod and the history it leaves behind.

By Roland Udvarlaki May 11, 2022, 10:00 am

How to use Mic Modes in VOIP and FaceTime Calls

This guide will go over the steps you need to follow to activate one of the available Mic Mode settings on Apple Devices to begin using the feature and improve your calling experience.

By Aryan Suren May 10, 2022, 10:00 am

This iPhone 14 feature might urge users to upgrade

Until now, it appeared that iPhone 14 would only be a minor upgrade over the iPhone 13 series. However, a new leak suggests that the iPhone 14 will come with one feature that might urge users to upgrade.

By Sanuj Bhatia May 9, 2022, 5:00 am