Apple has changed the content of their two-factor authentication messages (don’t panic)
Apple includes an additional security measure for two-factor authentication in its messaging to further reduce phishing attacks.
One of the security features of iOS allows you to automatically fill in the requested field when you receive a two-factor authentication message without having to open the message and enter it yourself. This option makes everyday use of this strong authentication system easier, but unfortunately it is also a new method for hackers.
Apple builds an extra security measure into its messages for two-factor authentication
And it would seem that the situation is alarming enough that the Cupertino company today decided to change the content of these messages sent to users. If you have an iPhone and are receiving two-factor authentication codes with extra text, don’t panic. This is just a way that the Apple brand has found to combat possible phishing sites.
To further reduce phishing
The messages in question now look like this: “Your Apple ID: 123456. Don’t share it with anyone. @apple.com #123456 %apple.com The idea is that the domain name entered at the end of the message must match the site you are trying to authenticate to. If the displayed domain name matches the site in question, then the user can use the autocomplete feature.
As mentioned above, this was introduced as an additional security measure to combat some sites that try to use the autofill feature to steal codes and identifiers. Such a system is clearly not ideal. Even hackers can take advantage of this, but currently it’s better than nothing. This will not protect users from phishing, but it may reduce incidents.
Leave a Reply