SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    NIST Recommends Against Using SMS for 2-Factor Authentication
Date    Friday August 05 2016, @11:51PM
Author    cmn32480
Topic   
from the you-mean-plain-text-isn't-safe dept.
https://soylentnews.org/article.pl?sid=16/08/05/123249

Bill Dimm writes:

An article in TechCrunch describes changes that the National Institute for Standards and Technology (NIST) is considering to its Digital Authentication Guideline:

For now, services can continue with SMS as long as it isn't via a service that virtualizes phone numbers — the risk of exposure and tampering there might be considered too great. NIST isn't telling for now, but more info will come out as the comment period wears on. But before long all use of SMS will be frowned on, as the bolded passage clearly indicates.

Additional comments are available on Bruce Schneier's blog.

Original Submission

Links
  1. "Bill Dimm" - https://soylentnews.org/~Bill+Dimm/
  2. "article in TechCrunch" - https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/
  3. "Digital Authentication Guideline" - https://pages.nist.gov/800-63-3/sp800-63b.html
  4. "Bruce Schneier's blog" - https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html
  5. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=15141
© Copyright 2023 - SoylentNews, All Rights Reserved

printed from SoylentNews, NIST Recommends Against Using SMS for 2-Factor Authentication on 2023-07-10 16:12:07