The Latest in IT Security

NIST Proposes Ban on SMS-Based Two-Factor Authentication

26
Jul
2016

^153732CBBC8ADD25884E317B6D1AB623CBB5EACDD70B912868^pimgpsh_fullsize_distr

The National Institute for Standards and Technology (NIST) has released a Digital Authentication Guideline draft proposing that all services abandon SMS-based two-factor authentication and use tokens and software cryptographic authenticators.

Because messages can be redirected to a VoIP service and not an actual mobile number, NIST believes SMS-enabled two-factor authentication is vulnerable to attacks. A true out-of-band authentication system should not depend on the ability to receive messages (email or instant messages), as somebody other than the owner may have the device.

Read More

Leave a reply


Categories

FRIDAY, DECEMBER 03, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments