Apple Updates Its Auto-Fill Feature To Be Disable To Prevent Phishing Attacks

Every iPhone user will agree that the auto-fill feature used to input two-factor authentication codes sent by SMS is one of the best features on the iPhone. 

But some criminal elements online have been using this feature to launch phishing attacks. They fool users into clicking on bogus links which take them to a site that requires an SMS code, and when the code is sent it appears harmless when the auto-fill feature tries to fill in the code for you. 

Apple has caught wind of this and has put up some protective measures. Apple now requires companies to use a new and much more secure format when sending verification codes. This new format requires that the verification code corresponds to the domain name, and if they don’t the auto-fill option will not be made available. 

Here’s an example, if a site posing as Apple.com sends a code and the phishing links take you to Apple.securelogin.com you will not be able to auto-fill in this password. If you're paying attention, you'll note that the format for delivering 2-factor alerts has changed.

Although the new format set by Apple is good, it still leaves room for error since it relies on the user to notice that their iPhone is not offering to auto-fill a code. Also, SMS is not a safe way to perform a 2-factor verification, it would be much better to use a code generator. 

Still, every effort to keep you and your data safe is appreciated. So make sure to check if your autofill feature is active when you are sent a verification code and be certain to confirm the domain name. Another suggestion for keeping your device secure from phishing is to always type in the URL yourself or used the ones you’ve already saved to your bookmark. And lastly be careful of opening every link sent to you, make sure it is coming from a reliable source.

What additional measures do you think Apple can do to boost their already formidable security? Please share your thoughts with us in the comment section below.