Skip to content

Apple improves SMS-delivered code security with ‘domain-bound’ codes

2020 August 4
by RSS Feed

By now you’ve probably used a service that will send you a text message that includes a specific code sent to you in a text message, usually in an effort related to security measures while logging into something.

It’s meant to be a secure way to generate a code at the time, input that code, and then securely log into a site or service. But Apple wants to make it even more secure for users, and so it has outlined what it calls “domain-bound” codes in a new dedicated support sheet for the feature (via 9to5Mac). iOS already makes it easy to automatically input those codes when the text message is received, but with iOS 14 and macOS 11 Big Sur, that inherent security is getting even better.

With domain-bound codes, the code itself is associated directly with a specific web domain. Here’s how Apple describes how the feature works, in brief:

When you use a domain-bound code, AutoFill will suggest the code if — and only if — the domain is a match for the website or one of your app’s associated domains. For example, if you receive an SMS message that ends with @example.com #123456, AutoFill will offer to fill that code when they interact with example.com, any of its subdomains, or an app associated with example.com. If instead you receive an SMS message that ends with @example.net #123456, AutoFill will not offer the code on example.com or in example.com’s associated app. This makes it harder for an attacker to trick someone into entering one-time codes into a phishing site.

Apple notes in the support document that the standard SMS-delivered codes will still be supported by iOS and macOS moving forward, but the company suggests that everyone who takes advantage of this security step also adopt the domain-bound codes as well.

This sounds like a nice addition to Apple’s security-focused efforts in the market as a whole, but it will only go as far as developer support can take it. The good news here is that, based on the support document, implementing support for domain-bound codes looks pretty straightforward. If you are a developer and want to look into it, check out the document.

These changes are coming to iOS 14 and macOS 11 Big Sur, and both updates for the operating systems are expected to arrive this fall.

Source link: https://www.idownloadblog.com/2020/08/04/sms-domain-bound-ios-14-code-security/

Leave a Reply

Note: You may use basic HTML in your comments. Your email address will not be published.

Subscribe to this comment feed via RSS