SMS-based two-factor authentication will soon be banned

July 27, 2016

The Digital Authentication Guideline (DAG) sets out rules for secure authentication and is being revised to make it more secure and better protected. According to Softpedia, SMS-based authentication will soon be banned because of its insecurity.

Two-factor authentication via SMS appears to be less secure than it should be. That's why the US National Institute of Standards and Technology (NIST) is preparing to get rid of SMS-based two-step authentication.

This kind of two-factor authentication is used by Gmail: the service provider sends you a code via SMS, and you type in the received code to enter your email account. This extra check is the second step in authentication.

Developed many years ago, SMS-based authentication is no longer so secure: SMS can be intercepted or by a VoIP service. Another concern is that the phone may be in the possession of someone other than its original owner.

The possible ban on two-factor SMS-based authentication is reflected in the following paragraph of the draft DAG by the US NIST:

“[Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance.”

Instead, the draft proposes another form of two-step authentication that uses biometric data: retina or fingerprint scanning is quite good, NIST cyber specialists note.