Night mode is an automatic setting which takes advantage of the new wide-angle camera that's in the iPhone 11 and 11 Pro models. It's equipped with a larger sensor that is able to let in more light, allowing for brighter photos when the light is low.
macOS Catalina Now Available
New U.S. Guidelines Could Halt Use of SMS for Two-Factor Authentication
The US National Institute for Standards and Technology has released a new draft of its Digital Authentication Guideline, which sets the rules that all authentication software eventually follows. In the document, NIST deprecates the implementation of SMS as a method with which users validate a second level of security on various accounts, "no longer" allowing its use in future guidelines as it is considered not secure enough (via TechCrunch).
Two-factor authentication via SMS (left) and an alternative trusted iOS device (right)
Setting up two-factor authentication through text messages is one of the most popular ways users add another layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement two-factor authentication through a simple push notification sent to another "trusted device," or a phone call.
Setting up two-factor authentication through text messages is one of the most popular ways users add another layer of security onto an account, on top of a basic password, including those for Apple's own software, like Apple ID and iCloud. Other than SMS, Apple allows users to implement two-factor authentication through a simple push notification sent to another "trusted device," or a phone call.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.The new guidelines also make a point for companies to ensure that two-factor authentication notifications aren't going through a VoIP service, which could be easily compromised. NIST also includes "limited use" of biometrics as a way for users to gain access to their second layer of authentication, meaning Apple could pivot to Touch ID as an alternative if SMS support for the security feature officially comes to an end.
[ 101 comments ]
Top Rated Comments
(View all)
42 months ago
I thought our government was trying to weaken security so they can access our phones. Who at NIST made this mistake of proposing a verification process that was more secure? Probably fired by the end of the week. :eek::D:p:cool:
42 months ago
But its a much better way than doing nothing at all. Personally, we need to get to a whole new paradigm of authentication, period. Deprecate the password!
42 months ago
I thought our government was trying to weaken security so they can access our phones. Who at NIST made this mistake of proposing a verification process that was more secure? Probably fired by the end of the week. :eek::D:p:cool:
If the government convinces you to use TouchID, they can force you to unlock your phone without a PIN.
42 months ago
While it may not be perfect, the suggestion everyone should use an app eliminates any two factor authentication for small companies /developers who may not have those resources starting out. Instead of deprecating SMS, which is better than nothing, why not recommend it as a last resort?
42 months ago
Good.
SMS is a piss poor way of doing 2FA and lazy companies need to move towards apps such as google authenticator, authy, e.g.
You are assuming that everyone on the planet has a smart phone
42 months ago
Apple's implementation does not use SMS - please correct the article. If it were SMS, it'd appear as a green text in iMessage, rather than the popup that does happen.
But more importantly, while the article rightly points out that SMS can be spoofed or intercepted, it completely ignores the question of 'is it secure enough'? For nuclear launch codes, no, agree it's not. But for securing a gmail account? It's the best option available at the moment.
But more importantly, while the article rightly points out that SMS can be spoofed or intercepted, it completely ignores the question of 'is it secure enough'? For nuclear launch codes, no, agree it's not. But for securing a gmail account? It's the best option available at the moment.
42 months ago
There needs to be a two step authentication any time you talk to carrier customer service.
The reason why SMS two step isn't safe is because your phone number can be re routed without your knowledge. Having said that, does anyone know how to disable iMessage authentication?
Pro Tip: 1password can act as a authenticator app. No need for Google Auth app or Authy.
The reason why SMS two step isn't safe is because your phone number can be re routed without your knowledge. Having said that, does anyone know how to disable iMessage authentication?
Pro Tip: 1password can act as a authenticator app. No need for Google Auth app or Authy.
42 months ago
There have been public-private key encryption standards for SMS messages going back twenty years. Not a single carrier has implemented in on their network. Implement that and you can use SMS messages to verify without compromise.
42 months ago
Misleading article. The deprecation of SMS as authentication method is not about two factor authentication, but authentication in general. So single factor authentication through SMS will of course also be deprecated (Example: WhatsApp)
[ Read All Comments ]
Two deals have hit Apple's latest line of iMacs, including both the 21.5-inch and 27-inch Retina iMac models from Early 2019. Both of these sales can be found on Amazon. Additionally, Apple's...
Two smart home accessories gained HomeKit support today, including the Arlo Ultra security camera and the Netatmo Weather Station.
Arlo Ultra
While users can already control Arlo Ultra cameras...
Following a successful debut on Kickstarter, Sphero's newest robot, the RVR, is now available for purchase worldwide.
The RVR is a fully programmable and customizable RC car that's...
Apple is testing different Face ID prototypes that would allow a smaller notch to be used in its 2020 iPhones, according to leaker and concept artist Ben Geskin.
Geskin previously created a...
Tim Cook gave the keynote speech at the Ceres 30th Anniversary Gala in New York City on Monday night. Ceres is a sustainability nonprofit organization, and Cook was invited to share Apple's...
Music software company Serato has updated DJ Pro and DJ Lite to bring full support for macOS Catalina, which ditches iTunes in favor of a new standalone Music app.
The elimination of iTunes...
Yelp has updated its Apple Watch app for watchOS 6, introducing a new modern interface and leveraging the device's new integrated compass, which should make finding the nearest coffee shop or...
Apple today released a new supplemental update for macOS Catalina, nearly one week after releasing the first supplemental update and two weeks after the launch of macOS Catalina.
The update can...
