Apple has shared a proposal to create a standard for two-factor authentication (2FA) that would streamline the process for users, while also making it more secure against phishing attempts. Even if you aren't familiar with the term, 2FA is the security protocol that adds another layer of protection to accounts beyond a user name and password.

You've probably experienced it before when you logged in to a bank account. Your bank sends a six- or eight-digit code to your phone that you then enter on the bank's website. Sending the code to the phone number registered on the account is meant to confirm that only the account owner is able to log in.

The problem is that when you receive that code, you either have to enter it manually or you toggle back and forth between your messages and your web browser and copy and paste. Neither is particularly helpful. 

In addition, the current system leaves room for phishing: an attacker can use your account information to prompt your bank to send you a code. Then, when you enter the code on a fraudulent website, say one you reached through a link in an email, the attacker uses that code to log in to your actual account.

Apple's proposal, which includes support from engineers at Google, would create a standardized format for these messages that would allow the code to be entered without additional user input. It does this by matching the code to the site that requested it using signals within the message formatting. As a result, the user can simply tap the code from the auto-complete options on their keyboard.


If this sounds familiar, Apple previously introduced a version of this in iOS 12. However, it's based solely on heuristic technology that attempts to match the code with the site you're using. It works well sometimes, but only if the operating system is able to parse both the site and the code. It's also not as secure as the proposed system since it doesn't guarantee that the code was sent by the requesting site.
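
The difference between the heuristic and the site-bound approach, as an added example (not code from Apple's proposal or from this article): it assumes the message's last line has the form `@host #code`, the layout used in the WICG origin-bound one-time codes draft, and a simplified host-or-subdomain matching rule. The function names and sample messages are constructed for illustration.

```javascript
// Assumed layout (not quoted on this page): last SMS line is "@host #code".
const BOUND_LINE = /^@([a-z0-9.-]+) #([a-z0-9]+)$/i;

// Parse the site-bound line; returns {host, code}, or null for legacy messages.
function parseBoundCode(sms) {
  const lines = sms.trimEnd().split(/\r?\n/);
  const m = BOUND_LINE.exec(lines[lines.length - 1]);
  return m ? { host: m[1].toLowerCase(), code: m[2] } : null;
}

// Simplified rule (assumption of this example): the page's host must equal
// the bound host or be a subdomain of it. The leading dot prevents
// "notbank.example" from matching "bank.example".
function hostMatches(pageHost, boundHost) {
  const p = pageHost.toLowerCase();
  return p === boundHost || p.endsWith("." + boundHost);
}

// Offer the code for autofill only on an HTTPS page of the site named in the SMS.
function suggestCode(sms, pageUrl) {
  const bound = parseBoundCode(sms);
  if (!bound) return null;
  const url = new URL(pageUrl);
  if (url.protocol !== "https:") return null;
  return hostMatches(url.hostname, bound.host) ? bound.code : null;
}

// Heuristic approach for contrast: first 6-8 digit run, no site check at all.
function heuristicCode(sms) {
  const m = /\b\d{6,8}\b/.exec(sms);
  return m ? m[0] : null;
}

// Constructed sample messages (reserved example domains).
const SAMPLE_SMS = "Your Example Bank code is 747723.\n\n@bank.example #747723";
const LEGACY_SMS = "Your Example Bank code is 747723.";

function demo() {
  const pages = [
    "https://bank.example/login",            // requesting site
    "https://login.bank.example/",           // subdomain of requesting site
    "https://bank.example.phish.test/login", // look-alike host
  ];
  return pages.map((p) => [p, suggestCode(SAMPLE_SMS, p)]);
}

console.log(demo(), heuristicCode(LEGACY_SMS));
```

The heuristic returns the code on any page, including the look-alike host, while the bound check returns it only for the site named in the message.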

The proposed version would create a standard that would be used by all sites. Considering that the makers of the two most popular smartphone operating systems, iOS and Android, are united in this effort, it seems likely that other parties involved will get on board.

The only downside is that it still depends on your mobile phone number for verification, which means that it's susceptible to SIM-swapping. Still, anytime you can get tech giants like Apple and Google on the same page for making our information more secure, it's a win for all of us.