Inspire your team with powerhouse speakers, team building activities and unmatched networking opportunities 🎟️ Secure your discounted Group Tickets today →

This article was published on August 5, 2020

Apple wants to make 2FA safer with domain bound SMS codes

Apple wants to make 2FA safer with domain bound SMS codes

Authenticating transactions or login sessions through SMS-based two-factor authentication is standard practice. However, SMS as a 2FA medium might not be totally secure. Hackers can intercept these messages and use them to log in to your account.

Apple is trying to make this method a tad bit more secure through domain-bound messages for developers. Make no mistake, the company’s new effort is trying to improve autofill — a function that lets you automatically put received code in the field.

Here’s how it works: developers will need to implement this functionality in their apps and websites. Once they do that, your autofill will only get code if it finds that the SMS delivered to your phone has the same domain as the app or website you’re authenticating.

Here’s Apple’s explanation:

For example, if you receive an SMS message that ends with #123456, AutoFill will offer to fill that code when they interact with, any of its subdomains, or an app associated with If instead, you receive an SMS message that ends #123456, AutoFill will not offer the code on or in’s associated app.

Even if developers implement this, there might be a chance that sophisticated hackers can intercept your message and relay it back to you with meticulous details. Domain-bound messages might just make their task a bit harder.

If possible, you should use a software-based 2FA such as Authy or Google Authenticator

You can learn more about domain-bound codes here.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with