Apple is working with Google engineers to build a more refined and secure alternative to the one-time passcodes sent via SMS that are part of the typical ‘two-step’ authentication systems.
Apple WebKit engineers released the first draft for its proposals earlier this year, and it was recently given the green light to become part of the Web Platform Incubator Community Group (WICG).
Google backed the proposal in January, and the draft published last week was co-edited by the company’s senior director of engineering Farnaz Azmoodeh and Apple’s Theresa O’Connor.
The initiative was born from a desire to build a better method for sending the one-time codes that confirm login credentials when users attempt to sign in on certain platforms.
Many websites do make use of OTP instead of SMS, but there has not yet been a standardised method of formatting for these messages, which has raised fears about data security.
The WICG publication noted that the current method is often “unreliable and error prone” and that it could lead to some users inputting codes to malicious sites without them realising.
Users also have to manually enter the passcodes when they are on a website, which can be laborious.
Apple wants to create a refined solution that offers better security and a more enjoyable user experience.
The new format uses a “lightweight text format” to deliver a code, and users can then extract it and log into a website without having to go through any manual processes.
“This proposal attempts to reduce some of the risks associated with SMS delivery of one-time codes,” a source close to the development of the new system says.
The source adds that the system won’t solve all of the issues but will reduce the risks associated with phishing and generally make the process more secure.