SMS 2FA and the Modern Smartphone

SMS has been around for over 20 years now and yet this basic 160 character instant messaging service is still widely used for marketing, transactional messages and two-factor authentication ("2FA")

This was just a random thought when trying to log into something for the third time today that requires an SMS OTP.

When I'm staring at a form input box and my phone receives a message at that exact moment the chances are it's to fill that box in, it'd be nice if this was more streamlined!

Imagine if, for example, an HTML form could listen for the message.. perhaps with something like the following

<input type="text" name="2fa" autofill-type="sms" autofill-originator="+447700900123"/>

And the browser would then actively listen for a message from that originator (which could either arrive directly on the device or, via something like Apple's Messages app, a message sent to your phone could auto-fill a field on your mac).

So when the following SMS arrives;

Your one time passcode is [912341851]

The user is prompted to auto-fill the form with the passcode provided.

Likewise this would make for easy phone number verification for apps like WhatsApp and such like, rather than requiring the user to exit the app, read the code, and return to the app.

This would streamline the experience somewhat!