New U.S. Guidelines Could Halt Use of SMS for Two-Factor Authentication
The US National Institute for Standards and Technology has released a new draft of its Digital Authentication Guideline, which sets the rules that all authentication software eventually follows. In the document, NIST deprecates the implementation of SMS as a method with which users validate a second level of security on various accounts, "no longer" allowing its use in future guidelines as it is considered not secure enough (via TechCrunch).
Two-factor authentication via SMS (left) and an alternative trusted iOS device (right)
Setting up two-factor authentication through text messages is one of the most popular ways users add another layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement two-factor authentication through a simple push notification sent to another "
trusted device," or a phone call.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.
The new guidelines also make a point for companies to ensure that two-factor authentication notifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID as an alternative if SMS support for the security feature officially comes to an end.
Related Stories
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99.
The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option.
A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
Apple has been involved in a long-running iPhone trademark dispute in Brazil, which was revived today by IGB Electronica, a Brazilian consumer electronics company that originally registered the "iPhone" name in 2000.
IGB Electronica fought a multi-year battle with Apple in an attempt to get exclusive rights to the "iPhone" trademark, but ultimately lost, and now the case has been brought to...
Google has rolled out picture-in-picture support as an "experimental" feature for YouTube premium subscribers, allowing them to watch video in a small window when the app is closed.
If you're a premium YouTube subscriber looking to try out picture-in-picture, follow these steps: Launch a web browser and sign into your YouTube account at YouTube.com.
Navigate to www.youtube.com/new.
Scroll...
Apple has published a FAQ titled "Expanded Protections for Children" which aims to allay users' privacy concerns about the new CSAM detection in iCloud Photos and communication safety for Messages features that the company announced last week. "Since we announced these features, many stakeholders including privacy organizations and child safety organizations have expressed their support of...
Apple is currently engaged in a cat-and-mouse game with persistent kids looking to circumvent Screen Time restrictions, but the company has been receiving some criticism for not moving quickly enough to lock down some of the loopholes, reports The Washington Post.
A few of the loopholes and ways for parents to shut them down are documented on the site Protect Young Eyes, while these and...
Apple's new macOS Mojave update is not compatible with mid-2010 and mid-2012 Mac Pros with stock GPUs, but it is supported on 2010 and 2012 Mac Pro models that have been upgraded with graphics cards that support Metal.
Apple today shared a new support document that provides a list of graphics cards that are Metal-capable, which will be useful for 2010 and 2012 Mac Pro owners who want to...
For this week's giveaway, we've teamed up with MAXOAK to offer MacRumors readers a chance to win a Bluetti portable power station and an accompanying solar panel. Bluetti makes a range of portable power station options that are useful for camping, emergencies, power outages, off-grid living, and similar situations.
The Bluetti EB70 is a solid middle of the road option that offers 716Wh and...
If you unwrapped an Apple product today it likely came with one of the company's first-party Lightning cables, but having an extra on hand is always a good idea, so you can place it in other rooms in your house, in your car, or in a bag when you travel.
For that reason, now's a good time to shop for third-party Lightning cables that are cheaper than Apple's own accessory, but still Made For...
Apple has stopped selling the second-generation 10.5-inch iPad Pro, originally released in June 2017, after launching a new 10.5-inch iPad Air today.
The 10.5-inch iPad Pro had remained available from $649 following the release of 11-inch and 12.9-inch iPad Pro models in October 2018, but it has been replaced by the 10.5-inch iPad Air with a cheaper starting price of $499.
The new iPad...
Top Rated Comments