Two-factor authentication is a necessary inconvenience – it makes logging into services a little slower, but adds a good amount of security. Instead of just a username and password – which someone could steal, see over your shoulder, or get from your password manager when you walk away from your PC – it requires something you physically have.
Often, these 2FA tokens take the form of an SMS these days. It’s not without its risks – if someone pinches your phone, or ports your number without your knowledge, they could get your 2FA codes too – but it’s a hell of a lot better than nothing at all.
The Android team has been doing its bit to make 2FA easier to use, regardless of the app you’re using (or even the developer’s support for new APIs). Last year, a new “verification code autofill” setting appeared as part of a Play Services update that promised to plug the SMS-based 2FA gap, provided that the app uses Android’s SMS Retriever API.
You might be thinking “but wait, Android already does this” and yes, some do, provided they use this API. The changes appearing today will allow SMS 2FA auto-fill for apps regardless of whether the developer uses the API or not.
The change has been reported by Android Police, but we’ve not seen it on any devices here – yet. When the change is live on your device, you’ll know its present by tapping into a 2FA field, and you’ll be prompted to auto-fill a verification code from Messages.
We’re waiting for the feature to become available here. We’ll let you know when we see it!