One use case that has yet to be supported in WebOTP is targeting phone number verification requests from a remote desktop device or a laptop-the API only works on devices that have telephony capabilities. The SMS has a specific format and it's bound to the origin, so it mitigates the risk of phishing websites stealing the OTP as well. The WebOTP API gives websites the ability to programmatically obtain the one-time password from a SMS message and automatically fill the form for users with just one tap without switching apps. It's easy to make mistakes this way and it's vulnerable to phishing attacks. ![]() However, the entire flow of switching from desktop to mobile, opening the SMS app, memorizing and entering the OTP on the original website back on desktop adds friction. ![]() SMS OTPs (one-time passwords) are commonly used to verify a phone number, for example as a second step in authentication, or to verify payments on the web. Chrome 93 extends this functionality to desktop as well. ![]() ![]() WebOTP helps users enter a phone number verification code on a mobile website in one tap without switching between apps.
0 Comments
Leave a Reply. |