The Latest in IT Security

NIST Proposes Ban on SMS-Based Two-Factor Authentication

26
Jul
2016
NIST Proposes Ban on SMS-Based Two-Factor Authentication

^153732CBBC8ADD25884E317B6D1AB623CBB5EACDD70B912868^pimgpsh_fullsize_distr

The National Institute for Standards and Technology (NIST) has released a Digital Authentication Guideline draft proposing that all services abandon SMS-based two-factor authentication and use tokens and software cryptographic authenticators.

Because messages can be redirected to a VoIP service and not an actual mobile number, NIST believes SMS-enabled two-factor authentication is vulnerable to attacks. A true out-of-band authentication system should not depend on the ability to receive messages (email or instant messages), as somebody other than the owner may have the device.

Read More

Leave a reply


Categories

THURSDAY, SEPTEMBER 21, 2017

Featured

Archives

Latest Comments

Social Networks