We’ve talked about how setting up two-factor authentication is important to securing your online accounts to complement the strong passwords we use(unless you use these ones, which you should immediately change). SMS-based 2FA is the simplest and adoptable of the various two-step authentication methods out there but its inconvenience is why most people don’t use it. Google wants to change that.
Google even has the data that explains the importance of setting up a recovery number to prevent phishing attacks. The recent Google Play Services version 18.7.13 beta hints that Google will soon let Android’s built-in Autofill Service automatically pick up verification codes sent through text messages when you log in to your online accounts after you’ve set up SMS-based 2FA.
Here’s how it works
Google wants more developers to use Google Play Services’ SMS Retriever API. The reason it isn’t actively being adopted is that Google wants developers to start their verification text messages with <#> and end with a hash based on the signature of the app. According to XDA Developers, that hash might confuse users. Here, look at it this sample and guess which is the verification code.
Now Google is updating the Google Autofill Service to pull the codes from text messages from messaging apps that can’t automatically get the code or ones that don’t use SMS Retriever API.
The feature is simple as users can enable SMS Code Auto-fill when it officially rolls out. It will join the passwordless future with Android now that it got FIDO2 Certified especially since Google is pushing this approach via Google Play Services.