Monday, October 21, 2019

Safari Security Code AutoFill


the pm at apple who came up with sms verification code auto-fill deserves a nobel prize

Dan Hill:

Yea this is hands down one of the most elegant features I’ve used. Solved a real problem, simply, with no effort on my part.

Ricky Mondello:

The idea for Security Code AutoFill came out of a small group of software engineers working on what we thought was a much more ambitious project. It wasn’t a PM, it wasn’t just one person, and it wasn’t what we set out to do initially.

It started as a small side idea we had while designing something very different. We jotted it down, tabled it for weeks, and then picked it up after the “more ambitious” project wasn’t panning out. It was hard, but I’m so glad we changed focus.

Even with a gem of an idea, it was still just an idea. Ideas are obviously super important — they’re necessary, but not sufficient. Here, the end result came from the idea, teamwork, and execution.

Years later, I’m still so proud of the team for making this feature happen. The team combined expertise from several areas to ship magic that worked on day 1, while asking nothing of app and website developers, without giving anyone your text messages. This still inspires me!

This is a really great feature, and it’s reliable. I wish there were a way to use it with third-party Mac browsers. As far as I know, they have no way to access SMS at all, except perhaps by snooping the Notification Center database.


7 Comments

This is a great feature except that SMS as a second factor isn't terribly secure. I prefer that Apple offer better integration with authenticator apps, not to mention adopting authenticator apps over their own home-grown second factor built into the OS.

This feature is fantastic when it works. But I have several web sites that have popover panes showing auto-fill values, and then the SMS comes in, and it adds, and you click on it, but then it is placed in the field and removed from the popover, whereupon a different entry appears under the mouse and promptly erases the filled entry. Sigh. So yes, glorious when it works, infuriating when it works and then undoes itself.

I have two issues, or wishes, for AutoFill in general:
1) it could support much more than just user credentials. Many "password" managers can also handle e.g. credit card numbers, answers to security questions etc.
2) better deal with all those sites that make you enter your username first before the passcode textfield appears, eg: (why did Apple build it in a way that breaks their own AutoFill flow??)

I've never noticed this, I guess it only works if your SMS come in through iMessage? Mine are via Google Voice notifications.

@Ben Right, you have to enable iMessage “Text Message Forwarding.”

Wait, only works in Safari? I was an early iCab convert and never looked back. That's sad third party browsers cannot have access to security features. Apple might as well open up the system to third party rendering engines at this point.

Sören Nils Kuklau

It does appear to be a Safari feature. I wish it worked in any password text field. I noticed the other day when installing the Catalyst Twitter app that its sign-in UI didn't allow this. It's always a little weird when native apps have a worse experience than web apps…
