iOS 13.3 added an improvement to minimize junk messages you get in the Messages app. But it also made SMS two-factor authentication more annoying.
SMS 2FA
With iOS 13.3, if you receive a text from someone that isn’t in your contacts list, you’ll see an alert that says “Restricted Contact. <Number> is not an allowed contact.” Then you can either tap OK, or Add Contact. But you can’t see the message until you add the contact.
I discovered this last night when I was trying to log into my bank account. Since I have two-factor authentication set up, it sent me a text with a one-time code so I could log in. But I got the Restricted Contact alert, and I couldn’t see the code until I added the number to my contacts list.
Fortunately, when I did the same thing today as a test, I was able to see the code without having to add it. So Messages does learn which numbers are possibly junk and which are not. But it also means you have to potentially add every number that sends you a code to your list. And if you have a lot of accounts set up with SMS two-factor authentication, this can quickly get annoying.
It appears to happen automatically. I’ve searched through settings to see if there is an option to turn it off, but I didn’t see one. Apple’s support page only tells you what to do if your own message was delivered as junk.
But as I said, I didn’t have to add the number a second time, so hopefully this won’t be as big an issue as I first thought. It’s just something to keep in mind.
Further Reading:
I agree that this would make it more annoying in that situation. However, from a security standpoint users should move away from SMS two factor anywhere they can. This has been proved insecure by multiple sources and even more so with recent SMS vulnerabilities. Using an authenticator app is much more secure. Even better if you use a Yubikey