SoylentNews is people
SoylentNews
Submission Preview
NIST Recommends Against Using SMS for 2-Factor Authentication
An article in TechCrunch [techcrunch.com] describes changes that the National Institute for Standards and Technology (NIST) is considering to its Digital Authentication Guideline [nist.gov]:
For now, services can continue with SMS as long as it isn’t via a service that virtualizes phone numbers — the risk of exposure and tampering there might be considered too great. NIST isn’t telling for now, but more info will come out as the comment period wears on. But before long all use of SMS will be frowned on, as the bolded passage clearly indicates.
Additional comments are available on Bruce Schneier's blog [schneier.com].
"I have not the slightest confidence in 'spiritual manifestations.'"
-- Robert G. Ingersoll
