ahlam1399
07-26-2016, 06:00 PM
The US National Institute for Standards and Tech**logy (http://www.nist.gov/) has released a new draft (https://pages.nist.gov/800-63-3/sp800-63b.html) of its Digital Authentication Guideline, which sets the rules that all authentication software eventually follows. In the document, NIST deprecates the implementation of SMS as a method with which users validate a second level of security on various accounts, "** longer" allowing its use in future guidelines as it is considered **t secure e**ugh (via TechCrunch (https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/)).
http://cdn.macrumors.com/article-new/2016/07/iOS-two-factor-authentication-800x393.jpgTwo-factor authentication via SMS (left) and an alternative trusted iOS device (right)
Setting up two-factor authentication through text messages is one of the most popular ways users add a**ther layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud (http://www.macrumors.com/roundup/icloud/). Other than SMS, Apple allows users to implement two-factor authentication through a simple push **tification sent to a**ther "trusted device (https://support.apple.com/en-us/HT204915)," or a phone call.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and **t with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL **T be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will ** longer be allowed in future releases of this guidance. The new guidelines also make a point for companies to ensure that two-factor authentication **tifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID (http://www.macrumors.com/roundup/touch-id/) as an alternative if SMS support for the security feature officially comes to an end.
Tag: Two-Factor Authentication (http://www.macrumors.com/roundup/two-factor-authentication/)
Discuss this article (http://forums.macrumors.com/threads/guidelines-halt-sms-two-factor.1984597/) in our forums
http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=7Oz8oa6FK0g:clLbNFDjygg:6W8y8wAjSf4) http://feeds.feedburner.com/~ff/MacRumors-All?d=qj6IDK7rITs (http://feeds.macrumors.com/~ff/MacRumors-All?a=7Oz8oa6FK0g:clLbNFDjygg:qj6IDK7rITs)
http://feeds.feedburner.com/~r/MacRumors-All/~4/7Oz8oa6FK0g
أكثر... (http://www.macrumors.com/2016/07/26/guidelines-halt-sms-two-factor/)
http://cdn.macrumors.com/article-new/2016/07/iOS-two-factor-authentication-800x393.jpgTwo-factor authentication via SMS (left) and an alternative trusted iOS device (right)
Setting up two-factor authentication through text messages is one of the most popular ways users add a**ther layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud (http://www.macrumors.com/roundup/icloud/). Other than SMS, Apple allows users to implement two-factor authentication through a simple push **tification sent to a**ther "trusted device (https://support.apple.com/en-us/HT204915)," or a phone call.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and **t with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL **T be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will ** longer be allowed in future releases of this guidance. The new guidelines also make a point for companies to ensure that two-factor authentication **tifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID (http://www.macrumors.com/roundup/touch-id/) as an alternative if SMS support for the security feature officially comes to an end.
Tag: Two-Factor Authentication (http://www.macrumors.com/roundup/two-factor-authentication/)
Discuss this article (http://forums.macrumors.com/threads/guidelines-halt-sms-two-factor.1984597/) in our forums
http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=7Oz8oa6FK0g:clLbNFDjygg:6W8y8wAjSf4) http://feeds.feedburner.com/~ff/MacRumors-All?d=qj6IDK7rITs (http://feeds.macrumors.com/~ff/MacRumors-All?a=7Oz8oa6FK0g:clLbNFDjygg:qj6IDK7rITs)
http://feeds.feedburner.com/~r/MacRumors-All/~4/7Oz8oa6FK0g
أكثر... (http://www.macrumors.com/2016/07/26/guidelines-halt-sms-two-factor/)