Open cpholguera opened 2 years ago
Hi @cpholguera and @sushi2k, I have been following this Enhance SMS domain-bound OTP and WebOTP recently. What do you reckon the next trend is for OTP, or maybe WebAuthn? It would be great if you can shed some light on this topic. On top of that, what's your next step for this issue? Cheers, Nick
Hi @wwwhackcom, sorry for the late reply. We've been extremely busy due to the MASVS refactoring.
What we'd like to do here is to write a little test case to test for this but considering the app side only. What can go wrong?
Do you think you can help us draft something? That'd be very helpful! Thank you!
By including the URL of the intended website within the SMS, it would mean websites and apps could automatically detect and read a 2FA SMS message, inputting the data. This would certainly be more convenient than remembering and then typing the keycode in. However, more importantly, by ensuring the code would only work with a specific, intended website, the plan could eliminate the risk of falling for a scam, whereby a user might unwittingly enter their 2FA code into a phishing site.
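The app-side check discussed in this thread, as an added example that is not part of the original comments or of the project's own material: it parses a domain-bound SMS and releases the code only when the bound host exactly matches the host the app is talking to. The message format (`@<host> #<code>` on the last line) is assumed from the WICG origin-bound one-time code draft, and the function names, parameter names and sample messages are constructed for illustration.

```javascript
// Assumed format: the LAST line of the SMS is "@<host> #<code>",
// for example "@example.com #747723". Only the top-level form is handled.
const BOUND_LINE = /^@([a-z0-9.-]+) #([A-Za-z0-9]+)$/;

// Returns { host, code }, or null when the last line is not a bound code.
function parseBoundOtp(smsBody) {
  const lines = smsBody.replace(/\r\n/g, "\n").trimEnd().split("\n");
  const match = BOUND_LINE.exec(lines[lines.length - 1]);
  return match ? { host: match[1], code: match[2] } : null;
}

// Returns the code only if the SMS is bound to exactly expectedHost
// (hypothetical parameter: the host the app or page is really using).
// Every other case returns null so the caller never autofills the code.
function otpForHost(smsBody, expectedHost) {
  const parsed = parseBoundOtp(smsBody);
  if (!parsed) return null; // unbound or malformed message
  // Exact comparison: a suffix or substring match would accept lookalikes.
  if (parsed.host !== expectedHost.toLowerCase()) return null;
  return parsed.code;
}

// Constructed sample messages (not real traffic).
const SMS_BOUND = "Your code is 747723.\n\n@example.com #747723";
const SMS_LOOKALIKE = "Your code is 747723.\n\n@example.com.phish.test #747723";
const SMS_UNBOUND = "Your code is 747723.";
const SMS_NOT_LAST = "@example.com #747723\nReply STOP to opt out";

// Cases an app-side test would cover: [message, host in use, expected result].
const CASES = [
  [SMS_BOUND, "example.com", "747723"],          // legitimate site
  [SMS_BOUND, "example.com.phish.test", null],   // code bound to another host
  [SMS_LOOKALIKE, "example.com", null],          // lookalike host in the SMS
  [SMS_UNBOUND, "example.com", null],            // no binding: do not autofill
  [SMS_NOT_LAST, "example.com", null],           // binding is not the last line
];

function runCases() {
  return CASES.every(([sms, host, want]) => otpForHost(sms, host) === want);
}
```
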