SMS OTP retrieval saving you time

SMS OTP retrieval saving you time

Sometimes it feels like your smartphone might be reading your mind when really its sophisticated UI anticipates your needs before you even think about it.

A fantastic example of this is the automatic retrieval of SMS verification codes. So whenever you use Two Factor Authentication (TFA) to confirm your identity and verify an action online, your handset automatically sifts through recent messages to find the SMS One-Time Password (OTP) you need right then and there. Like predictive text or Autofill, instead of typing out each character, your smartphone has the code ready to go on your keyboard.

SMS OTP retrieval is available for both Android and iOS systems and works through an API to ensure external applications do not have direct access to your messages without explicit consent.

REQUEST A CONSULTATION

Speak to SMS Specialists and improve your cybersecurity with SMS OTP

Book a live demo with our SMS experts to optimise your online security and communication strategy today.


Related article: Avoid identity theft with SMS OTP

SMS OTP is as easy as 1, 2!

Make it simple - users now can efficiently access TFA and enter an SMS verification code without the hassle of switching between apps or memorising a number that they will only use once.

With this handy feature, it only takes two clicks to enter a security passcode.

  1. Click the 'Send SMS code' button
  2. Once the text message is received, it will appear on your keyboard - click the code to enter it in

Done!


How does it work?

By filtering through messages with a specific format, codes can be automatically accessible on your keyboard once the SMS OTP is received.

Android message format

An example of Google's SMS Retriever API message format is as follows:

<#> SampleApp: Your verification code is 123456 QbwSot12oP

The format must include:

  1. <#> at the beginning of the message - this indicates the message as an OTP SMS to the system
  2. Hashcode at the end of the message - this will pass the message over to the respective app. To generate Hashcode, you can use Command Prompt or AppSignatureHelper class, however, be aware of additional code associated with AppSignatureHelper class and exclude it before publishing.

iOS message format

Data detector heuristics infer that an incoming message carries a security code by looking for words like 'code' or 'passcode' near the code sequence. That means no matter what the language, as long as the associated word is close to the code string, heuristics will pick it up and create an Autofill entry.

Examples of Apple's Security Code Autofill messaging formats are as follows:

  • Your Sample code is 123456
  • Sample: Votre code est 123456
  • Sample passcode: 123456

The format must include:

  1. Words like 'code' or 'passcode' in close proximity to the code sequence
  2. The actual code

Synched up

Furthermore, when your smartphone and desktop are paired, the SMS verification code that is sent to the smartphone synchs up and is forwarded to the desktop. The passcode is retrieved and automatically input into the web browser or application being used.


More secure with OTP retrieval

Not only does your smartphone recognise security codes and ensure TFA is effectively enforced, but both iOS and Android also provide a higher level of security with these functions. It restricts apps' movement around your data and minimises access to read your messages without your explicit consent.

Related article: SMS 2FA [Explained]


For assistance and updates on how to implement effective OTP push and retrieval, please get in contact with SMSGlobal’s support team.