Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

NIST Recommends Against Using SMS for 2-Factor Authentication

posted by cmn32480 on Friday August 05 2016, @11:51PM   Printer-friendly
from the you-mean-plain-text-isn't-safe dept.

Bill Dimm writes:

An article in TechCrunch describes changes that the National Institute for Standards and Technology (NIST) is considering to its Digital Authentication Guideline:

For now, services can continue with SMS as long as it isn't via a service that virtualizes phone numbers — the risk of exposure and tampering there might be considered too great. NIST isn't telling for now, but more info will come out as the comment period wears on. But before long all use of SMS will be frowned on, as the bolded passage clearly indicates.

Additional comments are available on Bruce Schneier's blog.

Original Submission

 
This discussion has been archived. No new comments can be posted.
NIST Recommends Against Using SMS for 2-Factor Authentication | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Scruffy Beard 2 on Saturday August 06 2016, @03:33PM

    by Scruffy Beard 2 (6030) on Saturday August 06 2016, @03:33PM (#384769)

    Debit cards don't work for car rentals. Ask me how I know. :P

    Credit card companies (banks) like it that way.

    With debit cards, you are not going into debt with every purchase. That is why you pay the fees instead of the merchant.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2