New U.S. Guidelines Could Halt Use of SMS for Two-Factor Authentication

by

The US National Institute for Standards and Technology has released a new draft of its Digital Authentication Guideline, which sets the rules that all authentication software eventually follows. In the document, NIST deprecates the implementation of SMS as a method with which users validate a second level of security on various accounts, "no longer" allowing its use in future guidelines as it is considered not secure enough (via TechCrunch).

iOS two-factor authentication

Two-factor authentication via SMS (left) and an alternative trusted iOS device (right)

Setting up two-factor authentication through text messages is one of the most popular ways users add another layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement two-factor authentication through a simple push notification sent to another "trusted device," or a phone call.

If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.

The new guidelines also make a point for companies to ensure that two-factor authentication notifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID as an alternative if SMS support for the security feature officially comes to an end.

Tag: Two-Factor Authentication

Popular Stories

Apple Wallet ID Illinois

Apple Plans to Expand iPhone Driver's Licenses to These 7 U.S. States

Wednesday December 24, 2025 8:40 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article68 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article100 comments
maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article182 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
airpods color prototypes

Apple Tested AirPods in Bright Colors

Saturday December 27, 2025 6:06 am PST by
Apple reportedly tested a version of the first-generation AirPods with bright, iPhone 5c-like colored charging cases. The images, shared by the Apple leaker and prototype collector known as "Kosutami," claim to show first-generation AirPods prototypes with pink and yellow exterior casings. The interior of the charging case and the earbuds themselves remain white. They seem close to some...
Read Full Article81 comments
maxresdefault

10 Mac Apps Worth Trying in 2026

Wednesday December 24, 2025 9:27 am PST by
2026 is almost upon us, and a new year is a good time to try out some new apps. We've rounded up 10 excellent Mac apps that are worth checking out. Subscribe to the MacRumors YouTube channel for more videos. Alt-Tab (Free) - Alt-Tab brings a Windows-style alt + tab thumbnail preview option to the Mac. You can see a full window preview of open apps and app windows. One Thing (Free) -...
Read Full Article101 comments
top stories 2025 12 27

Top Stories: iPhone Fold Mockup, Where's the New Apple TV?, and More

Saturday December 27, 2025 6:00 am PST by
Merry Christmas and Happy Holidays from MacRumors! News in the Apple world has unsurprisingly been relatively slow over the past week, but Apple's upcoming foldable iPhone managed to make its way back into the news, while we also shared updates on current and future Apple TV news. iOS 26.3 will be bringing some new features, particularly for users in the EU, so we'll look for additional...
Read Full Article17 comments

Top Rated Comments

2457282 Avatar
2457282
123 months ago
I thought our government was trying to weaken security so they can access our phones. Who at NIST made this mistake of proposing a verification process that was more secure? Probably fired by the end of the week. :eek::D:p:cool:
Score: 20 Votes (Like | Disagree)
John Mcgregor Avatar
John Mcgregor
123 months ago
Apple can send an iMessage.
Score: 10 Votes (Like | Disagree)
gwhizkids Avatar
gwhizkids
123 months ago
But its a much better way than doing nothing at all. Personally, we need to get to a whole new paradigm of authentication, period. Deprecate the password!
Score: 7 Votes (Like | Disagree)
Iconoclysm Avatar
Iconoclysm
123 months ago
I thought our government was trying to weaken security so they can access our phones. Who at NIST made this mistake of proposing a verification process that was more secure? Probably fired by the end of the week. :eek::D:p:cool:
If the government convinces you to use TouchID, they can force you to unlock your phone without a PIN.
Score: 6 Votes (Like | Disagree)
bdhokie Avatar
bdhokie
123 months ago
While it may not be perfect, the suggestion everyone should use an app eliminates any two factor authentication for small companies /developers who may not have those resources starting out. Instead of deprecating SMS, which is better than nothing, why not recommend it as a last resort?
Score: 5 Votes (Like | Disagree)
big-ted Avatar
big-ted
123 months ago
Good.

SMS is a piss poor way of doing 2FA and lazy companies need to move towards apps such as google authenticator, authy, e.g.
You are assuming that everyone on the planet has a smart phone
Score: 5 Votes (Like | Disagree)
Read All Comments