New U.S. Guidelines Could Halt Use of SMS for Two-Factor Authentication

The US National Institute for Standards and Technology has released a new draft of its Digital Authentication Guideline, which sets the rules that all authentication software eventually follows. In the document, NIST deprecates SMS as a method for users to validate a second level of security on various accounts, "no longer" allowing its use in future guidelines because it is considered not secure enough (via TechCrunch).


Two-factor authentication via SMS (left) and an alternative trusted iOS device (right)

Setting up two-factor authentication through text messages is one of the most popular ways users add another layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement two-factor authentication through a simple push notification sent to another "trusted device," or a phone call.

If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.

The new guidelines also direct companies to ensure that two-factor authentication notifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID as an alternative if SMS support for the security feature officially comes to an end.
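The verifier-side checks in the quoted draft text can be sketched as follows. This is an added example, not code from NIST, Apple or the article; `lookup_line_type` and `send_sms` are hypothetical stand-ins for a carrier line-type lookup and an SMS gateway, and the phone numbers are constructed.

```python
import secrets
from enum import Enum

class LineType(Enum):
    MOBILE = "mobile"
    VOIP = "voip"
    UNKNOWN = "unknown"

class PolicyError(Exception):
    """Raised when a request would violate the quoted SHALL requirements."""

class SmsOobVerifier:
    def __init__(self, lookup_line_type, send_sms):
        self.lookup_line_type = lookup_line_type  # hypothetical: number -> LineType
        self.send_sms = send_sms                  # hypothetical: (number, text) -> None
        self.registered = {}                      # user -> pre-registered number

    def _require_mobile(self, number):
        # Fail closed (assumption): only a positive "mobile" result is accepted.
        line_type = self.lookup_line_type(number)
        if line_type is not LineType.MOBILE:
            raise PolicyError(f"{number}: line type {line_type.value}, SMS OOB refused")

    def send_challenge(self, user):
        number = self.registered[user]
        self._require_mobile(number)  # checked on every send, not only at enrolment
        code = f"{secrets.randbelow(10**6):06d}"
        self.send_sms(number, f"Verification code: {code}")
        return code

    def change_number(self, user, new_number, password_ok, second_factor_ok):
        # The number may not change without two-factor authentication.
        if not (password_ok and second_factor_ok):
            raise PolicyError("number change requires two-factor authentication")
        self._require_mobile(new_number)
        self.registered[user] = new_number

# Constructed sample data: fictional numbers and a stand-in for a carrier lookup.
LINE_TYPES = {"+15555550101": LineType.MOBILE, "+15555550102": LineType.VOIP}

def demo():
    outbox = []
    v = SmsOobVerifier(lambda n: LINE_TYPES.get(n, LineType.UNKNOWN),
                       lambda n, text: outbox.append((n, text)))
    v.registered["alice"] = "+15555550101"
    code = v.send_challenge("alice")
    refused = []
    for args in [("+15555550102", True, True), ("+15555550101", True, False)]:
        try:
            v.change_number("alice", *args)
        except PolicyError as exc:
            refused.append(str(exc))
    return code, outbox, refused, v.registered["alice"]
```

Checking the new number's line type during a change and treating an unknown line type as a refusal are design choices of this sketch; the quoted text only requires the mobile-network check for the number being used and two-factor authentication for the change.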

Top Rated Comments

2457282
83 months ago
I thought our government was trying to weaken security so they can access our phones. Who at NIST made this mistake of proposing a verification process that was more secure? Probably fired by the end of the week. :eek::D:p:cool:
Score: 20 Votes
John Mcgregor
83 months ago
Apple can send an iMessage.
Score: 10 Votes
gwhizkids
83 months ago
But it's a much better way than doing nothing at all. Personally, we need to get to a whole new paradigm of authentication, period. Deprecate the password!
Score: 7 Votes
Iconoclysm
83 months ago
I thought our government was trying to weaken security so they can access our phones. Who at NIST made this mistake of proposing a verification process that was more secure? Probably fired by the end of the week. :eek::D:p:cool:
If the government convinces you to use TouchID, they can force you to unlock your phone without a PIN.
Score: 6 Votes
bdhokie
83 months ago
While it may not be perfect, the suggestion everyone should use an app eliminates any two-factor authentication for small companies/developers who may not have those resources starting out. Instead of deprecating SMS, which is better than nothing, why not recommend it as a last resort?
Score: 5 Votes
big-ted
83 months ago
Good.

SMS is a piss poor way of doing 2FA and lazy companies need to move towards apps such as google authenticator, authy, e.g.
You are assuming that everyone on the planet has a smart phone
Score: 5 Votes
