Apple wants a standardized for one-time passwords (OTPs) that are sent via text messages on mobile phones for login purposes. Google is already on board with the idea, but Mozilla hasn’t offered feedback yet.
Apple engineers who are working on WebKit (the core component of Safari web browser) have proposed an idea via that outlines a standardized format for one-time passwords received by smartphones via text messages (or SMS). The format that’s explained on GitHub is made for both computers and humans.
The idea proposed by the iPhone maker’s engineers has two goals: adding the login URL inside the text message and standardize the format so that every browser or smartphone can understand it. The first goal makes sure that users are saved from phishing attacks since it mentions the actual URL of the website or service. The standard format for SMS OTPs looks like something below:
747723 is your FooBar authentication code.
As you can see above, the first line in the standardized SMS format is for humans to understand which service/company is the OTP for. The second line in the message showcases the website’s address that is requesting an authentication code and the OTP. Apps and web browsers can then extract this information to securely log into websites or apps.
So, how soon can you see a change in the delivery of OTPs? Well, that depends. Once Apple, Google, and Mozilla agree to a common format for their web browsers, SMS OTP providers are expected to make a switch as well. Twilio has already expressed an interest in using the new format for SMS OTPs, and we think the standardized format will make things easier for everyone.