
MacRumors

macrumors bot
Original poster
Apr 12, 2001



Most readers will have at some point received a two-factor authentication code delivered to them by SMS text message. Many apps and websites send the one-time codes to confirm that the person attempting to log in to an account is the legitimate account holder, and not just someone using a stolen password.

Depending on how notifications are set up on your iPhone, receiving a code via text message may mean that you have to switch out from the app or website to read the message and memorize or copy the code, and then switch back to paste it or type it into the login screen manually.

To make this process less of a hassle, Apple is introducing Security Code AutoFill for iOS 12. The new feature ensures that SMS one-time passcodes that you receive instantly appear as AutoFill suggestions in the QuickType bar above the virtual keyboard, letting you input them in the passcode field with a simple tap.

If you've enabled Text Message Forwarding on your iPhone, you can use the Secure Code AutoFill feature in macOS Mojave, too. The code should appear in Safari as an AutoFill option in the relevant field as soon as the SMS is delivered to Messages on your Mac.

iOS and macOS use local data detector heuristics to work out whether an incoming message carries a security code, and Apple says the Security Code AutoFill feature does not alter the security of this two-factor authentication method.

So as long as developers craft their secure code text messages correctly, Security Code AutoFill should work in all third-party apps updated for iOS 12 and macOS Mojave, which are due for official public release this fall.

Article Link: How to Use Secure Code AutoFill in iOS 12 and macOS Mojave
 
Not working for me. I'm not currently testing on my phone, although when I did try it a few weeks ago it didn't work there either. Running 10.14 dev beta 7.

This is the SMS I got:
mTAN for your new login:123456

And attached is a pic showing the field that expects it. No auto-fill available. It's a shame, as it would be a great feature. Hopefully they'll enhance it over time as Apple learns the format of various SMS authentication texts.
 
That's a very welcome feature. Currently 2FA often is quite a burden on usability.
Cool idea, but 2FA via SMS is inherently insecure and shouldn't be encouraged.
True that, but ironically, SMS could be secured very, very easily, since SIM cards are designed to hold a private key (actually that's their sole purpose). All that network providers would need to do is to publish the corresponding public certificate, so the sender could encrypt their SMS with that certificate and send the encrypted message to the recipient who decrypts it using their SIM card's private key. That's as easy as secure SMS could be. Unfortunately, network design isn't focused as much on security as it should be...
 
This feature is ‘kind of’ available on iOS 11; when adding a card to Apple Pay here in the UK most of the time once the verification SMS has come through it’s filled itself automatically.
 
Was going to post this, but you got there first.
 
I told a bunch of people at work that there should be an option to copy the code directly from the dropdown notification a long time ago, this is an awesome improvement.

Now iOS 12 needs the option to be able to generate new passwords without having to be in a password field. A lot of websites don't use the proper fields for creating new passwords and iOS 12 doesn't display the suggested password. I'd also like to see the password generator be more customizable. Some passwords don't allow dashes.
 
True that, but ironically, SMS could be secured very, very easily, since SIM cards are designed to hold a private key (actually that's their sole purpose). All that network providers would need to do is to publish the corresponding public certificate, so the sender could encrypt their SMS with that certificate and send the encrypted message to the recipient who decrypts it using their SIM card's private key. That's as easy as secure SMS could be. Unfortunately, network design isn't focused as much on security as it should be...
Problem with that approach is then phone numbers can never be recycled, and if you lose your phone you lose the number forever. Currently, messages are encrypted in-flight but not end-to-end. You have to trust the telco company to route messages to you and nobody else. I was told the most common exploit is people calling the customer support and convincing them to activate another SIM card for an existing number.
 

I didn't even know this was a new feature but I was very impressed when it autofilled.
 