How to Use Secure Code AutoFill in iOS 12 and macOS Mojave

Discussion in 'iOS Blog Discussion' started by MacRumors, Aug 14, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Most readers will have at some point received a two-factor authentication code delivered to them by SMS text message. Many apps and websites send the one-time codes to confirm that the person attempting to log in to an account is the legitimate account holder, and not just someone using a stolen password.

    Depending on how notifications are set up on your iPhone, receiving a code via text message may mean that you have to switch out from the app or website to read the message and memorize or copy the code, and then switch back to paste it or type it into the login screen manually.

    [​IMG]

    To make this process less of a hassle, Apple is introducing Security Code AutoFill for iOS 12. The new feature ensures that SMS one-time passcodes that you receive instantly appear as AutoFill suggestions in the QuickType bar above the virtual keyboard, letting you input them in the passcode field with a simple tap.

    If you've enabled Text Message Forwarding on your iPhone, you can use the Secure Code AutoFill feature in macOS Mojave, too. The code should appear in Safari as an AutoFill option in the relevant field as soon as the SMS is delivered to Messages on your Mac.

    [​IMG]

    iOS and macOS use local data detector heuristics to work out whether an incoming message carries a security code, and Apple says the Security Code AutoFill feature does not alter the security of this two-factor authentication method.

    So as long as developers craft their secure code text messages correctly, Security Code AutoFill should work in all third-party apps updated for iOS 12 and macOS Mojave, which are due for official public release this fall.

    Article Link: How to Use Secure Code AutoFill in iOS 12 and macOS Mojave
     
  2. martyjmclean macrumors regular

    martyjmclean

    Joined:
    Jan 24, 2018
    Location:
    Sydney, NSW, Australia
  3. BootsWalking macrumors 6502a

    Joined:
    Feb 1, 2014
    #3
    Cool idea, but 2FA via SMS is inherently insecure and shouldn't be encouraged. However if Apple were to allow third-parties to deliver them over iMessage it would be secure and very convenient.
     
  4. adrianlondon macrumors 6502a

    adrianlondon

    Joined:
    Nov 28, 2013
    Location:
    Switzerland
    #4
    Screenshot 2018-08-14 at 10.59.17.png Not working for me. I'm not currently testing on my phone, although when I did try it a few weeks ago it didn't work there either. Running 10.14 dev beta 7.

    This is the SMS I got:
    mTAN for your new login:123456

    And attached is a pic showing the field that expects it. No auto-fill available. It's a shame, as it would be a great feature. Hopefully they'll enhance it over time as Apple learns the format of various SMS authentication texts.
     
  5. [AUT] Thomas macrumors regular

    Joined:
    Mar 13, 2016
    Location:
    Graz [Austria]
    #5
    That's a very welcome feature. Currently 2FA often is quite a burden on usability.
    True that, but ironically, SMS could be secured very, very easily, since SIM cards are designed to hold a private key (actually that's their sole purpose). All that network providers would need to do is, to publish the corresponding public certificate, so the sender could encrypt their SMS with that certificate and send the encrypted message to the recipient who decrypts it using their SIM card's private key. That's as easy as secure SMS could be. Unfortately, network design isn't focused as much on security as it should be...
     
  6. PowerBook-G5 macrumors 65816

    PowerBook-G5

    Joined:
    Jul 30, 2013
    Location:
    The United States of America
  7. iGeek2014 macrumors 68000

    Joined:
    Jun 29, 2014
    Location:
    === Nowheresville ===
    #7
    This feature is ‘kind of’ available on iOS 11; when adding a card to Apple Pay here in the UK most of the time once the verification SMS has come through it’s filled itself automatically.
     
  8. afd macrumors 6502a

    Joined:
    Apr 12, 2005
    Location:
    Scotland
    #8
    Was going to post this, but you got there first.
     
  9. gaximus macrumors 6502a

    Joined:
    Oct 11, 2011
    #9
    I told a bunch of people at work that there should be an option to copy the code directly from the dropdown notification a long time ago, this is an awesome improvement.

    Now it iOS 12 needs the option to be able to generate new passwords without having to be in a password field. A lot of websites don't use the proper fields for creating new passwords and iOS 12 doesn't display the suggested password. I'd also like to see the password generator be more customizable. Some passwords don't allow dashes
     
  10. fairuz, Aug 14, 2018
    Last edited: Aug 14, 2018

    fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    San Jose and Berkeley, CA
    #10
    Problem with that approach is then phone numbers can never be recycled, and if you lose your phone you lose the number forever. Currently, messages are encrypted in-flight but not end-to-end. You have to trust the telco company to route messages to you and nobody else. I was told the most common exploit is people calling the customer support and convincing them to activate another SIM card for an existing number.
     
  11. Internet Enzyme macrumors 6502

    Internet Enzyme

    Joined:
    Feb 21, 2016
    #11
    I didnt even know this was a new feature but i was very impressed when it autofiilled
     
  12. Southern Dad macrumors 65816

    Southern Dad

    Joined:
    May 23, 2010
    Location:
    Shady Dale, Georgia
    #12
    This is something I will use often. My short term memory sucks.
     

Share This Page