apple patient
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Tests & Experience Reports
  • Generally
No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Tests & Experience Reports
  • Generally
No Result
View All Result
apple patient
No Result
View All Result

Against phishing attacks: Apple increases security for 2FA SMS

by Milan
January 31, 2022
Against phishing attacks: Apple increases security for 2FA SMS

Galati, Romania - October 14, 2021: Studio shot of new Apple iPhone 12 Pro Max blue color over iPhone box. Isolate on black background. Illustrative editorial

Apple's autofill feature for two-factor authentication makes entering verification codes received via SMS effortless. The problem is that phishing attackers know how to exploit this. Now Apple has made changes to its own services.

Apple's change essentially means that every time Apple sends you a new SMS as a form of two-factor authentication, the message will only be available for autofill on Apple services and websites because a new boilerplate has been added, making it inaccessible to phishing sites claiming to be from Apple. As Macworld reported, this step was proposed over a year ago - in August 2020, to be exact. The new messages contain more text than usual - and have been playing out for several weeks now.

  • A normal, human-readable message, including the code, followed by a newline.
  • The scoped domain as @domain.tld.
  • The code is repeated again as #123456.
  • Wenn die Website ein eingebettetes HTML-Element, einen sogenannten iframe, verwendet, wird die Quelle des iframe nach dem % aufgeführt, z. B. %ecommerce.example. (In der ursprünglichen Spezifikation ist @ angegeben; Apple scheint % für seine Texte zu verwenden).

Apple has changed the appearance of SMS messages for 2FA queries

The whole system works similarly to password managers and iCloud Keychain, which only display a password on a specific website or in an associated app. This means that fake websites cannot use the autofill feature to accept a code for two-factor authentication because iOS, iPadOS and macOS recognize that the domains do not match.

iOS, iPadOS and macOS offer to fill in the code that was last received via SMS in the Messages app in any properly formatted field - even the verification code field on a phishing website. This makes it too easy for scammers. However, if the text message is designed as Apple suggested, the operating systems starting with iOS 15, iPadOS 15 and macOS 11 Big Sur only offer autofill for websites that match the domain name. The security is not perfect but it is a simple update to strengthen defenses.

So in the future, if you receive an SMS verification code and no autofill is offered, you should take a close look at the domain name. Or even better: always use your own bookmarks or type URLs manually instead of clicking on links. (Photo by manae / Bigstockphoto)

  • iOS 15: How to use the native iPhone 2FA code generator
Have you already visited our Amazon Storefront? There you'll find a hand-picked selection of various products for your iPhone and other devices – enjoy browsing !
This post contains affiliate links .
Add Apfelpatient to your Google News Feed. 
Was this article helpful?
YesNo
Tags: Apple servicesiOSiPadOSmacOS
Previous Post

macOS 12.2: Bluetooth bug leads to battery drain

 Next Post

New iMac Pro with MiniLED and more to appear later
Next Post
STRASBOURG, FRANCE - JAN 11, 2018: New iMac Pro the all-in-one personal computer in Apple Computers Store. Apple claims the iMac Pro is the most powerful Mac ever made

New iMac Pro with MiniLED and more to appear later

Edit iPhone RAW photos

Editing iPhone RAW photos – 8 simple pro tips

July 31, 2025
iOS 26 Apple Music

Apple Music in iOS 26: Music Pins make access easier

July 30, 2025
Foxconn AI

Foxconn responds to AI boom with new partnership

July 30, 2025

About APFELPATIENT

Welcome to your ultimate source for everything Apple - from the latest hardware like iPhone, iPad, Apple Watch, Mac, AirTags, HomePods, AirPods to the groundbreaking Apple Vision Pro and high-quality accessories. Dive deep into the world of Apple software with the latest updates and features for iOS, iPadOS, tvOS, watchOS, macOS and visionOS. In addition to comprehensive tips and tricks, we offer you the hottest rumors, the latest news and much more to keep you up to date. Selected gaming topics also find their place with us, always with a focus on how they enrich the Apple experience. Your interest in Apple and related technology is served here with plenty of expert knowledge and passion.

Legal

  • Imprint – About APFEPATIENT
  • Cookie Settings
  • Privacy Policy
  • Terms of Use

service

  • Partner Program
  • Netiquette – About APPLEPATIENT

RSS Feed

Follow Apfelpatient:
Facebook Instagram YouTube threads
Apfelpatient Logo

© 2025 Apfelpatient. All rights reserved. | Sitemap

No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Tests & Experience Reports
  • Generally

© 2025 Apfelpatient. All rights reserved. | Page Directory