Here's Why your Apple Two-Factor Texts have Suspicious Tags in them - Maxandfix

Here's Why your Apple Two-Factor Texts have Suspicious Tags in them

The Move Aids in the Prevention of Phishing Assaults.

Two-Factor Authentication is required for developer program Account Holders to sign in to their Apple Developer account and Certificates, Identifiers, and Profiles in order to keep your account more secure. To sign in to App Store Connect, all users must use two-factor authentication, often known as two-step verification. This additional degree of security for your Apple ID ensures that only you have access to your account.

Even if they know your Apple ID Password, Two-Factor Authentication helps prevent anyone from accessing your Apple ID account. Apple ID requires two-factor authentication with iOS 9, iPadOS 13, OS X 10.11, or later.

Certain functions in iOS, iPadOS, and macOS need the use of two-factor authentication, which is designed to safeguard your data. When you create a new Apple ID on a device running iOS 13.4, iPadOS 13.4, macOS 10.15.4, or later, two-factor authentication is enabled by default. If you previously created an Apple ID account without using two-factor authentication, you can enable it at any time.

Don't worry if you've noticed that Apple's two-factor authentication texts have a lot more extra language than you're used to there's a reason for it. According to Macworld, Apple has implemented a previously proposed approach for sign-ins that uses domain-bound codes. The additional tags (such as " #123456 percent") are intended to strengthen the trustworthiness of autofilling text codes on iOS 14, iPadOS 14, and macOS Big Sur platforms.

The strategy potentially hinders more sophisticated phishing attacks that try to intercept and divert two-factor verification signals. You'll only get a code autofill recommendation if the domain of the site seeking a code matches the one in the text if you're running one of those more modern operating systems. A Phishing Site can't simply query Apple for a code and expect an autofill prompt, then. There's a strong possibility the site is fake if you don't get an autofill popup.

Apple quietly started issuing codes in the new format around November 2021. Although the concept isn't exclusive to Apple's ecosystem, it has failed to catch on elsewhere. Still, don't be shocked if these lengthy 2FA letters become more regular and could foil some phishing efforts.

Back to blog