How to Use Secure Code AutoFill in iOS 12 and macOS Mojave

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,751
10,173



Most readers will have at some point received a two-factor authentication code delivered to them by SMS text message. Many apps and websites send the one-time codes to confirm that the person attempting to log in to an account is the legitimate account holder, and not just someone using a stolen password.

Depending on how notifications are set up on your iPhone, receiving a code via text message may mean that you have to switch out from the app or website to read the message and memorize or copy the code, and then switch back to paste it or type it into the login screen manually.


To make this process less of a hassle, Apple is introducing Security Code AutoFill for iOS 12. The new feature ensures that SMS one-time passcodes that you receive instantly appear as AutoFill suggestions in the QuickType bar above the virtual keyboard, letting you input them in the passcode field with a simple tap.

If you've enabled Text Message Forwarding on your iPhone, you can use the Security Code AutoFill feature in macOS Mojave, too. The code should appear in Safari as an AutoFill option in the relevant field as soon as the SMS is delivered to Messages on your Mac.


iOS and macOS use local data detector heuristics to work out whether an incoming message carries a security code, and Apple says the Security Code AutoFill feature does not alter the security of this two-factor authentication method.

So as long as developers craft their secure code text messages correctly, Security Code AutoFill should work in all third-party apps updated for iOS 12 and macOS Mojave, which are due for official public release this fall.

Article Link: How to Use Secure Code AutoFill in iOS 12 and macOS Mojave
 

adrianlondon

macrumors 68020
Nov 28, 2013
2,261
2,063
Switzerland
Screenshot 2018-08-14 at 10.59.17.png
Not working for me. I'm not currently testing on my phone, although when I did try it a few weeks ago it didn't work there either. Running 10.14 dev beta 7.

This is the SMS I got:
mTAN for your new login:123456

And attached is a pic showing the field that expects it. No auto-fill available. It's a shame, as it would be a great feature. Hopefully they'll enhance it over time as Apple learns the format of various SMS authentication texts.
 

[AUT] Thomas

macrumors 6502a
Mar 13, 2016
525
560
Graz [Austria]
That's a very welcome feature. Currently 2FA often is quite a burden on usability.

> Cool idea, but 2FA via SMS is inherently insecure and shouldn't be encouraged.

True that, but ironically, SMS could be secured very, very easily, since SIM cards are designed to hold a private key (actually that's their sole purpose). All that network providers would need to do is to publish the corresponding public certificate, so the sender could encrypt their SMS with that certificate and send the encrypted message to the recipient who decrypts it using their SIM card's private key. That's as easy as secure SMS could be. Unfortunately, network design isn't focused as much on security as it should be...
 

iGeek2014

macrumors 68020
Jun 29, 2014
2,113
1,093
=== Nowheresville ===
This feature is ‘kind of’ available on iOS 11; when adding a card to Apple Pay here in the UK most of the time once the verification SMS has come through it’s filled itself automatically.
 

afd

macrumors 65816
Apr 12, 2005
1,030
246
Scotland
> This feature is ‘kind of’ available on iOS 11; when adding a card to Apple Pay here in the UK most of the time once the verification SMS has come through it’s filled itself automatically.

Was going to post this, but you got there first.
 

gaximus

macrumors 65816
Oct 11, 2011
1,022
1,381
I told a bunch of people at work that there should be an option to copy the code directly from the dropdown notification a long time ago. This is an awesome improvement.

Now iOS 12 needs the option to be able to generate new passwords without having to be in a password field. A lot of websites don't use the proper fields for creating new passwords and iOS 12 doesn't display the suggested password. I'd also like to see the password generator be more customizable. Some passwords don't allow dashes.
 

fairuz

macrumors 68020
Aug 27, 2017
2,486
2,581
Silicon Valley
> That's a very welcome feature. Currently 2FA often is quite a burden on usability.
> True that, but ironically, SMS could be secured very, very easily, since SIM cards are designed to hold a private key (actually that's their sole purpose). All that network providers would need to do is to publish the corresponding public certificate, so the sender could encrypt their SMS with that certificate and send the encrypted message to the recipient who decrypts it using their SIM card's private key. That's as easy as secure SMS could be. Unfortunately, network design isn't focused as much on security as it should be...

Problem with that approach is then phone numbers can never be recycled, and if you lose your phone you lose the number forever. Currently, messages are encrypted in-flight but not end-to-end. You have to trust the telco company to route messages to you and nobody else. I was told the most common exploit is people calling the customer support and convincing them to activate another SIM card for an existing number.
 

Internet Enzyme

macrumors 6502a
Feb 21, 2016
847
1,322



I didn't even know this was a new feature but I was very impressed when it autofilled.
 

mindfulmac

macrumors member
May 24, 2018
70
104
Is this only working in Safari? Just tried in Firefox but not working. Very disappointed.
 