The US National Institute for Standards and Tech**logy has released a new draft of its Digital Authentication Guideline, which sets the rules that all Authentication software eventually follows. In the document, NIST deprecates the implementation of SMS as a method with which users validate a second level of security on various accounts, "** longer" allowing its use in future Guidelines as it is considered **t secure e**ugh (via TechCrunch).
Two-factor Authentication via SMS (left) and an alternative trusted iOS device (right)
Setting up Two-Factor Authentication through text messages is one of the most popular ways users add a**ther layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement Two-Factor Authentication through a simple push **tification sent to a**ther "trusted device," or a phone call.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and **t with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL **T be possible without Two-Factor Authentication at the time of the change. OOB using SMS is deprecated, and will ** longer be allowed in future releases of this guidance.
The new Guidelines also make a point for companies to ensure that Two-Factor Authentication **tifications aren't going through a VoIP service, which Could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple Could pivot to Touch ID as an alternative if SMS support for the security feature officially comes to an end.
07-26-2016, 06:00 PM
New National Guidelines Could Halt Use of SMS for Two-Factor Authentication
Two-factor Authentication via SMS (left) and an alternative trusted iOS device (right)
العرض العادي
