An anonymous reader writes: “The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA),” reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: “Biometrics SHALL be used with another authentication factor (something you know or something you have),” the guideline’s draft reads.
Read more of this story at Slashdot.
Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/yplrucyN5Dw/nist-prepares-to-ban-sms-based-two-factor-authentication