• Home
  • Apple
  • News
  • New NIST Guidelines Mean Apple and Others Could Stop Using SMS for Two-Factor Authentication

New NIST Guidelines Mean Apple and Others Could Stop Using SMS for Two-Factor Authentication

New NIST Guidelines Mean Apple and Others Could Stop Using SMS for Two-Factor Authentication

A new draft of the US National Institute for Standards and Technology’s (NIST) Digital Authentication Guidelines could lead to Apple and other technology firms dropping the use of SMS for two-factor authentication.

New NIST Guidelines Mean Apple and Others Could Stop Using SMS for Two-Factor Authentication

TechCrunch:

At any rate, the changes are numerous, but perhaps most relevant for Joe and Jane Six-Pack is the active discouragement of using SMS as an “out of band authenticator” — essentially, a method for delivering a one-time use code for 2FA.

Two-factor authentication via a text message has become a popular way for companies and users to add another layer of security to accounts. Apple’s own Apple ID and iCloud services use SMS messages to send a passcode to enable two-factor authentication. The message is sent to a “trusted” device, phone number, or via a phone call.

If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.

While NIST guidelines do not have the same legal weight as an actual law, most major companies do follow the guidelines, which means Apple and other firms are likely drop support for SMS authentication once the recommendations are published.

For more information about how two-factor authentication for Apple accounts currently works, visit the Apple Support website.

Related

  1. Arizona Teen Faces Charges After His ‘Proof-of-Concept’ Knocks Out 911 Call Center
  2. Skype for iOS Updated With MSN Messenger Support, Retina Emoticons, and More
  3. Apple Airs New iCloud, Camera & Siri Ads For iPhone 4S
  4. Dalrymple: iPad 3 Will Not Be Released at Macworld (Debunked)
  5. Apple Details Apple Watch Accessibility Features
  6. Facebook News: Facebook Hit With $33m Fine in Brazil, Some Users Report Being Unable to Delete Accounts, More
Giveaways by iDrop News

iPhone X Giveaway

$999

Enter

MacBook Pro Giveaway

$1499.00

Enter

10.5″ iPad Pro Giveaway

$649.00

Enter

iPhone 8 Plus Giveaway

$800.00

Enter
Share