Codes in SMS they are one of the systems most used as a second element in authentication systems in two (2FA) or more steps (MFA). And it is understandable because, nowadays, who does not have a mobile phone on which to receive messages of this type? Thus, the operation to log in (or perform other types of operations that require identification) forces us not only to know the access password, but also to have access to the device configured as trustworthy on our part. Some studies claim that two-step authentication can thwart up to 90% of attacks.
However, there are times when receiving the codes in SMS is not the most comfortable option possible or, to be more exact, there is no particularly comfortable option. And precisely to solve this problem, Google has just added an experiment to Google Chrome Canary (the development version of its browser), whose intention is automate the second phase of 2FA-based authentications in which access is made through the browser and SMS codes are used to confirm the identity of the user.
According to the description of this experiment, which you can find and activate in Chrome Canary by accessing chrome: // flags and searching for the term SMS, it is the following:
SMS Receiver Cross Device
Enable the SMS Receiver API to work across devices – Mac, Windows, Linux, Chrome OS, Android
Without a doubt, the most striking thing about it is the reference to desktop operating systems, which indicates that, indeed, the intention of Google engineers is to use the SMS receiver API so that the codes in SMS received on the smartphone also reach, directly, the device with which we are working and, of course, in which we want to log in with our password and said additional security key.
In order to perform its functions properly, Chrome must be able to discriminate, among all the SMS received, those that contain an OPT code (One Time Password, one-time password) which, in the end, is what this 2FA access model consists of. Something that, in reality, already works well at the device level, when the accesses for which we need codes in SMS will be used on the same smartphone in which we are identifying ourselves.
Regarding its operation, at the moment it is not clear at all, but everything indicates that once the SMS is received on the smartphone, the installation of Chrome in it it will detect that it is an OTP and automatically send it, along with its identifier, to other instances of the browser associated with the same user account and, upon detecting in which of them the key is waiting, it will offer to complete it automatically.
With information from Techtsp