New U.S. Guidelines Could Halt Use of SMS for Two-Factor Authentication
The US National Institute for Standards and Technology has released a new draft of its Digital Authentication Guideline, which sets the rules that all authentication software eventually follows. In the document, NIST deprecates the implementation of SMS as a method with which users validate a second level of security on various accounts, "no longer" allowing its use in future guidelines as it is considered not secure enough (via TechCrunch).
Two-factor authentication via SMS (left) and an alternative trusted iOS device (right)
Setting up two-factor authentication through text messages is one of the most popular ways users add another layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement two-factor authentication through a simple push notification sent to another "
trusted device," or a phone call.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.
The new guidelines also make a point for companies to ensure that two-factor authentication notifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID as an alternative if SMS support for the security feature officially comes to an end.
Popular Stories
In his Power On newsletter today, Bloomberg's Mark Gurman said Apple will have a three-day stretch of product announcements from Monday, March 2 through Wednesday, March 4. In total, he expects Apple to introduce "at least five products."
Subscribe to the MacRumors YouTube channel for more videos.
A week ago, Apple invited selected journalists and content creators to an "Apple Experience" in...
Apple's software engineers are testing iOS 26.3.1, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions.
iOS 26.3.1 should be a minor update that fixes bugs and/or security vulnerabilities, and it will likely be released within the next two weeks.
Last month, Apple released iOS 26.2.1 with bug fixes and support for the second-generation...
Apple is expected to launch a new foldable iPhone this year, based on multiple rumors and credible sources. The long-awaited device has been rumored for years now, but signs increasingly suggest that Apple will release its first foldable device in 2026.
Subscribe to the MacRumors YouTube channel for more videos.
Below, we've collated an updated set of key details that have been leaked about ...
The special new color that Apple is considering for the iPhone 18 Pro and iPhone 18 Pro Max this year is red, according to Bloomberg's Mark Gurman.
Specifically, he said that Apple is testing a "deep red" finish for the two devices.
If this rumor materializes, it would be the first time that the Pro and Pro Max models ever come in red, and the iPhone 18 Pro models would be the first...
Apple CEO Tim Cook was among a handful of top tech executives who attended a classified CIA briefing warning that China could attack Taiwan by 2027, according to a sweeping investigative report by The New York Times ($).
The previously unreported briefing was apparently held in a secure room in Silicon Valley in July 2023. The meeting is said to have been arranged at the request of the...
