Apple appears to have adopted a new way to strengthen its two-factor authentication (2FA) process. Multiple Apple users have reported receiving a different SMS for their two-factor verification. Previously, the Cupertino-based tech giant sent a simple text containing the 2FA code, but Apple is now reportedly including a strange string of letters and other characters in the message as well.
The New Update from Apple
This update from Apple can be seen when a user tries to log in to Apple ID using an SMS-based second-factor verification code. Apple users who tried logging in recently came across a strange mix of words, numbers and characters within the message that arrives with this code. The added text looks like this, for example: "@apple.com #[code] %apple.com". According to a report from MacWorld, the company introduced this update to guard against phishing attacks that try to steal users’ data through dubious links.
There have been multiple reports of phishing attempts in which the victim is redirected to a phishing link during 2FA login. Any credentials entered on one of these links go straight to the threat actor, who relays them to log in at the actual website or service. Thus, the new 2FA process from Apple will protect against these phishing activities.
How the process works is simple: the altered SMS from Apple will prevent the code from being auto-detected by any service outside of Apple's domain. Apple proposed security-related changes back in August 2020, and this feature is part of them. The company said that it would introduce support for “domain-bound codes” for logins on Apple devices.
Apple will now be able to check that the verification code is indeed supplied to a trusted domain, because the text messages will now need to provide a destination domain and some other data to the device instead of just the verification code. This simple yet effective update from Apple will help in avoiding phishing attacks during 2FA login.
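The domain check described above can be sketched in a few lines of JavaScript. This is an added example, not Apple's code: the function names, the sample messages and the matching rules (exact host or subdomain, and the "%" field read as the top-level embedding site) are assumptions built around the "@apple.com #[code] %apple.com" layout quoted earlier.

```javascript
// Added example: decide whether a domain-bound SMS code may be offered to a page.
// Layout taken from the article's sample: "@apple.com #[code] %apple.com".
// All names and matching rules here are illustrative assumptions.

function parseDomainBoundSms(text) {
  // Assumption: the binding data sits on the last line of the message.
  const lines = text.trim().split(/\r?\n/);
  const last = lines[lines.length - 1].trim();
  const m = /^@([a-z0-9.-]+) #([a-z0-9]+)(?: %([a-z0-9.-]+))?$/i.exec(last);
  if (!m) return null; // no binding line: not a domain-bound message
  return {
    domain: m[1].toLowerCase(),
    code: m[2],
    embedder: m[3] ? m[3].toLowerCase() : null,
  };
}

// True for the bound domain itself or one of its subdomains.
// "evilapple.com" and "apple.com.example" both fail this test.
function hostMatches(host, domain) {
  const h = host.toLowerCase();
  return h === domain || h.endsWith("." + domain);
}

// Returns the code only if the page asking for it is on the bound domain.
// pageHost: host of the document containing the code field.
// topHost:  host of the top-level page (differs when the field is in a frame).
function codeForPage(text, pageHost, topHost = pageHost) {
  const parsed = parseDomainBoundSms(text);
  if (!parsed) return null;
  if (!hostMatches(pageHost, parsed.domain)) return null;
  // Assumption: with no "%" field the top-level page must match the same domain.
  const requiredTop = parsed.embedder || parsed.domain;
  if (!hostMatches(topHost, requiredTop)) return null;
  return parsed.code;
}

// Constructed sample message (not a real Apple SMS).
const SAMPLE_SMS =
  "Your verification code is 123456. Do not share it.\n" +
  "@apple.com #123456 %apple.com";

console.log(codeForPage(SAMPLE_SMS, "appleid.apple.com"));
console.log(codeForPage(SAMPLE_SMS, "apple.com.login-check.example"));
```

A relay page hosted on a look-alike domain gets no autofill suggestion from this check, which is the behaviour the article describes; the user can still type the code by hand.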