📚 Enhance SMS-delivered code security with domain-bound codes


💡 News category: Programming
🔗 Source: developer.apple.com

Many websites and apps offer additional login security in the form of SMS-delivered codes. On iPhone, Security Code AutoFill makes it easy for people to quickly supply these codes by offering them in the QuickType bar. On a Mac running macOS Big Sur, Mac Catalyst and AppKit apps can take advantage of this feature as well.

Additionally, starting with iOS 14 and macOS Big Sur, we’re adding an extra layer of security to SMS-delivered codes by allowing you to associate codes with a specific web domain.

How domain-bound codes work

When you use a domain-bound code, AutoFill will suggest the code if — and only if — the domain is a match for the website or one of your app’s associated domains. For example, if you receive an SMS message that ends with @example.com #123456, AutoFill will offer to fill that code when you interact with example.com, any of its subdomains, or an app associated with example.com. If instead you receive an SMS message that ends with @example.net #123456, AutoFill will not offer the code on example.com or in example.com’s associated app. This makes it harder for an attacker to trick someone into entering one-time codes into a phishing site.

While iOS and macOS will also display regular SMS-delivered codes in addition to domain-bound codes, we encourage everyone employing this authentication method to adopt this standard to provide a more secure experience for people on your website or app. If a message contains no domain information, it will continue to be offered in all relevant fields through AutoFill.

How to set up SMS domain-bound codes

You can take advantage of domain-bound codes on both websites and apps with associated domains.

Set up domain-bound codes for your website

In most cases, AutoFill should work automatically on Safari for iOS and macOS Big Sur, and requires no additional information from you. In cases where it does not, you can add the autocomplete=one-time-code attribute to your web page’s text field. This cues Safari to offer applicable codes in that field.

Set up domain-bound codes for your app

You can support domain-bound codes by providing an associated domain for your app. If you support Universal Links for your domain, or if AutoFill is currently suggesting saved passwords for your domain in your app’s login screens, your app is already associated with your domain.

Learn more about supporting associated domains

Note: If you’re running into issues when testing your app’s login flows, you may need to provide an additional hint about which fields in your app are one-time code fields. For iOS and Mac Catalyst apps, set the field’s textContentType property to UITextContentType.oneTimeCode. For AppKit apps on macOS, NSTextField has a contentType property that you should set to NSTextContentTypeOneTimeCode.


How to format SMS domain-bound codes

Once your app or website is set up to receive domain-bound codes, you’ll need to provide a simple addition to the SMS messages you send through your backend service to include both the domain and code. Here’s what the text you’ll send looks like:

123456 is your Example code.

@example.com #123456

Everything above the last line of the message is freeform. You're free to customize this part however you like, but it should be something that makes sense to people receiving the code.

The last line of this message gives AutoFill on iPhone, iPad, or Mac the information it needs to bind the domain and code together and suggest the code for the appropriate website or app.

In order for domain-bound codes to work properly, you must include this information in the last line of the message, and it must contain the domain and code in the correct order.

@example.com

This is the first part of that last line, and contains the domain of the app or website where you want the code to fill in. Make sure to put a single space after your domain before you begin the segment with your one-time code.

#123456 (represents the code 123456)

The second part of the last line begins with # and contains the string with your app or website’s one-time code.
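
The message format and the matching rule described above, as an added Python example (not Apple's code and not part of the original article): it builds the SMS, parses the last line, and applies the domain check. The function names and the accepted hostname and code characters are assumptions, and matching against an app's associated domains is not modelled.

```python
import re

# Last line per the article: "@<domain> #<code>", one space between the parts.
# Assumption: the domain is a plain hostname, the code has no whitespace.
LAST_LINE = re.compile(r"^@(?P<domain>[A-Za-z0-9.-]+) #(?P<code>\S+)$")


def format_sms(body: str, domain: str, code: str) -> str:
    """Freeform text first, then the binding line as the very last line."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", domain) or not re.fullmatch(r"\S+", code):
        raise ValueError("domain or code would break the last-line format")
    return f"{body.rstrip()}\n\n@{domain.lower()} #{code}"


def parse_bound_code(message: str):
    """Return (domain, code) from the last line, or None if there is no binding."""
    lines = message.strip().splitlines()
    if not lines:
        return None
    m = LAST_LINE.match(lines[-1])
    return (m["domain"].lower(), m["code"]) if m else None


def host_matches(bound_domain: str, host: str) -> bool:
    """True for the bound domain itself or a subdomain of it.

    The leading dot in the suffix check keeps look-alikes such as
    notexample.com or example.com.phish.test from matching.
    """
    host = host.lower().rstrip(".")
    return host == bound_domain or host.endswith("." + bound_domain)


def should_offer(message: str, host: str) -> bool:
    """Decide whether a code from `message` may be suggested on `host`."""
    parsed = parse_bound_code(message)
    if parsed is None:
        return True  # no domain information: not restricted by domain
    return host_matches(parsed[0], host)


if __name__ == "__main__":
    sms = format_sms("123456 is your Example code.", "example.com", "123456")  # constructed sample
    for h in ("example.com", "login.example.com", "example.net", "notexample.com"):
        print(h, should_offer(sms, h))
```

The last case in should_offer shows why the article encourages adoption: a message without the binding line is not restricted to any domain.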

Improve your SMS-delivered codes

Domain-bound codes are straightforward for developers to implement, easy for people using your apps and websites to understand, and add more security to the SMS-delivered codes. You can also learn more about domain-bound codes and the development of the message format in the W3C’s Web Platform Incubator Community Group.

Resources

Learn more about domain-bound codes

Allowing Apps and Websites to Link to Your Content

...


