New U.S. Guidelines Could Halt Use of SMS for Two-Factor Authentication
The US National Institute for Standards and Technology has released a new draft of its Digital Authentication Guideline, which sets the rules that all authentication software eventually follows. In the document, NIST deprecates the implementation of SMS as a method with which users validate a second level of security on various accounts, "no longer" allowing its use in future guidelines as it is considered not secure enough (via TechCrunch).
Two-factor authentication via SMS (left) and an alternative trusted iOS device (right)
Setting up two-factor authentication through text messages is one of the most popular ways users add another layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement two-factor authentication through a simple push notification sent to another "
trusted device," or a phone call.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.
The new guidelines also make a point for companies to ensure that two-factor authentication notifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID as an alternative if SMS support for the security feature officially comes to an end.
Popular Stories
Apple is planning some of the "biggest iOS and macOS redesigns in its history," according to Bloomberg's Mark Gurman.
In his Power On newsletter today, Gurman reiterated that iOS 19 will have a visionOS-like design with more transparent interfaces:The new interfaces will adopt the design principles introduced in visionOS, the software for Apple's Vision Pro headset. That includes greater...
If you've been following iPhone rumors over the last few years, you may remember reading reports that Apple flirted with the idea of introducing a super high-end "Ultra" model that would either replace its Pro Max device or sit above it in Apple's smartphone hirearchy. These reports appeared in the pre-launch iPhone 15 and iPhone 16 rumor cycles, but ultimately came to nothing. Now though, the...
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device.
Overall, the "iPhone 17 Air" sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
Apple prototyped a larger ultra-slim iPhone 17 Air with a 6.9-inch display, but ultimately decided not to go ahead with the device because of fears that it could be susceptible to bending, according to a new report.
Bloomberg reporter Mark Gurman, writing in his latest Power On newsletter:
When it first started work on the phone, it prototyped a device with a 6.9-inch screen — matching...
In an investor research note today with British bank Barclays, analyst Tim Long said Apple's first foldable iPhone could have a starting price in the $2,300 range in the United States, which would make it by far the most expensive iPhone model ever.
If the first foldable iPhone starts at $2,299, that means it would cost nearly twice as much as the iPhone 16 Pro Max, which starts at $1,199.
...
Bloomberg's Mark Gurman today shared some new details about the rumored iPhone 17 Air.
In his Power On newsletter, Gurman said he was told that the device may start at roughly $899 in the U.S., which means that it would occupy the same price point as the iPhone 16 Plus. This would make sense, as it has been widely rumored that the Air model will take over the Plus model's spot in the iPhone...
The iOS 18.3.2 update that Apple released last week appears to have broken iCloud Mail for some users. There are multiple complaints on Reddit and the MacRumors forums from users who say that iCloud Mail is not able to push new iCloud emails to their iPhones after the iOS 18.3.2 update.
Affected users say that despite having the correct settings enabled, new iCloud emails are not showing up...
Apple considered launching the iPhone 17 Air without a USB-C charging port, according to Bloomberg's Mark Gurman.
In his Power On newsletter today, Gurman said that while Apple ultimately decided against making the iPhone 17 Air its first iPhone model without a charging port, the idea is still on the table for future iPhone models.
He said the iPhone 17 Air will "foreshadow a move to...
