Relying on passwords is no longer enough, and some kind of two-factor authentication is a necessary component to secure applications, networks, and systems. However, the most common kind of two-factor authentication — sending special codes via SMS messages — may no longer be an acceptable form.
In the latest draft version of its Digital Authentication Guideline, the United States National Institute of Standards and Technology (NIST) is discouraging companies from using SMS-based authentication in their two-factor authentication schemes.
Many services offer two-factor authentication by sending users a one-time passcode via SMS, which they then enter into the app or site to verify the transaction. Concerned about the weaknesses in the SMS mechanism, NIST is now recommending that developers use tokens and software cryptographic authenticators instead.