SMS-Based Two-Factor Authentication May Soon Get Banned


The National Institute of Standards and Technology (NIST) is moving to bring an end to the use of Short Message Service (SMS) by apps and services that set up two-factor authentication.

NIST has been working hard to revise its digital authentication guidelines, an extensive document that outlines the rules that creators of authentication software must follow, and has moved to deprecate SMS as a method of providing a moderate level of account security. NIST appears convinced that delivering content over SMS can no longer be classed as secure enough.

Companies and service providers that offer two-factor authentication as a measure for more robust account security have long used SMS as that additional layer of security. Under normal circumstances, it is considered a simple way to add another layer of security on top of a basic password. Some of the largest companies in the world, such as Apple and Google, have recognized this and put together their own solutions, whether through a secondary “trusted device” or by sending an e-mail to confirm access.

The new guidelines renounce the use of SMS for out-of-band (OOB) authentication, which basically means that companies are discouraged from using SMS to deliver the single-use code that serves as the second factor:

If the out-of-band authentication is to be made using an SMS message on a public mobile telephone network, the verifier verifies that the pre-registered phone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered phone number. Changing the pre-registered telephone number should not be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated and will no longer be allowed in a future version of this guidance.
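The three verifier checks in the quoted guidance (mobile-network check, code sent only to the pre-registered number, number change gated on two factors) can be sketched as follows. This is an added example, not code from NIST or the article; the class and method names, the line-type table, the phone numbers and the five-minute code lifetime are all assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed line-type data (fictional numbers). A real verifier would query
# a carrier or number-lookup service; that service is an assumption here.
LINE_TYPES = {"+12025550100": "mobile", "+12025550101": "voip",
              "+12025550102": "mobile"}

class OOBError(Exception):
    pass

class SmsOobVerifier:
    CODE_TTL = 300  # seconds a code stays valid (assumed value)

    def __init__(self, line_type_lookup, send_sms):
        self.lookup = line_type_lookup
        self.send_sms = send_sms
        self.numbers = {}   # user -> pre-registered number
        self.pending = {}   # user -> (code, expiry)

    def _require_mobile(self, number):
        if self.lookup(number) != "mobile":
            raise OOBError("number is not associated with a mobile network")

    def register(self, user, number):
        self._require_mobile(number)
        self.numbers[user] = number

    def start(self, user):
        number = self.numbers[user]       # only the pre-registered number
        self._require_mobile(number)      # re-check: the line type can change
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (code, time.monotonic() + self.CODE_TTL)
        self.send_sms(number, code)

    def finish(self, user, submitted):
        code, expiry = self.pending.pop(user, (None, 0))  # pop: single use
        return (code is not None and time.monotonic() < expiry
                and hmac.compare_digest(code.encode(), submitted.encode()))

    def change_number(self, user, new_number, password_ok, submitted_code):
        # Both factors must succeed at the time of the change.
        if not (password_ok and self.finish(user, submitted_code)):
            raise OOBError("number change requires two-factor authentication")
        self.register(user, new_number)
```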


The new guidelines and recommendations may still change in a wide range of ways, as you would expect from a document of this nature, but there appears to be an underlying focus on ensuring that content is no longer transmitted through methods that may be considered insecure, such as SMS or even VoIP services, which have proved relatively easy to compromise.

It will be very interesting to see how companies deal with and implement the new guidelines going forward.

(Source: NIST, via TechCrunch)
