NIST is no longer hot for SMS-based two-factor authentication

Relying on passwords is no longer enough, and some kind of two-factor authentication is a necessary component to secure applications, networks, and systems. However, the most common kind of two-factor authentication — sending special codes via SMS messages — may no longer be an acceptable form.

In the latest draft version of its Digital Authentication Guideline, the United States National Institute of Standards and Technology (NIST) is discouraging companies from using SMS-based authentication in their two-factor authentication schemes.

Many services offer two-factor authentication by asking users to verify a transaction by entering a one-time passcode, sent via SMS, into the app or site. Concerned about the weaknesses in the SMS mechanism, NIST is now recommending that developers use tokens and software cryptographic authenticators instead.
