SMS-based two-factor authentication is being phased out
The policy change comes courtesy of the National Institute of Standards and Technology (NIST), the federal agency responsible for setting official guidelines for technology standards and measurement regulations. The organization released a new draft of its Digital Authentication Guideline, in which it explained that SMS two-factor authentication would no longer be encouraged going forward. If the individual uses a voice over internet protocol (VoIP) service, which provides phone service through a broadband internet connection, hackers can hijack the SMS message.
Two-factor authentication, or 2FA, is common practice these days now that hacked accounts seem as prevalent as the early-aughts butt dial. For example, if you have two-factor authentication enabled on Twitter, the platform will send a six-digit code to your phone each time you sign in as an added layer of protection.
In the draft, NIST proposes getting rid of SMS-based two-factor authentication, CNET reported. That’s because everyone has a phone with SMS capabilities, and it’s also rather trivial to use.
It says that while SMS-based 2FA is still acceptable, it will not be for long.
The relevant paragraph reads: “If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service”. Only last week, researchers at Context Information Security revealed another attack that relied on weaknesses in the SMS protocol to compromise devices and their users.
Instead, it suggests that biometrics might be a more secure way of dealing with all this. But not every method for retrieving this verification code is secure in itself.