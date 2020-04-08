A while ago we explained that Apple was looking for ways to improve authentication security in two factors. Methods like SIM swapping had led to deception that more than one had been the victim of, leading to the sending of numbers through notifications instead of SMS. But now Google has supported a new initiative by Apple to make sending SMS messages safer.

We saw this initiative at the end of January: it consists of a universal and automated message to implement in all SMS that send a two-factor authentication code. The key is that this message could be detected by the mobile applications and web pages, so that we would not have to enter the code manually.

Same security, less effort

Also, thanks to this automation, we would better detect a fraudulent message. In the worst case scenario, this malicious message would have the same format as the protocol, and when automatically collecting it, it would fail because the code would not be the authentic one. Thanks to Google’s support, the proposal is now officially a draft on the Web Platform Incubator Community Group.

We cannot assure that the initiative will end up becoming a reality (and it remains to be seen how many companies will adopt it), but at the moment the criticism received is good. Meanwhile, both Apple and Google continue to send their two-factor authentication codes through integrated notifications from their official systems and apps. If you receive one of those codes by SMS when you have not asked for it, be suspicious.

