Skip to main content

Could two-step verification through texts go the way of the dodo?

The number of websites and services using two-step verification to secure accounts has increased over the years — yet the National Institute of Standards and Technology’s latest proposal might put a halt to the verification method.

In its mainstream incarnation, two-step verification (also known as multi-factor authentication and two-factor authentication) works by sending you a one-time code through SMS when logging into one of your digital accounts. In theory, even if someone has your username and password, they cannot access your account without access to your phone. Two-step verification is not the end-all, be-all solution that will forever safeguard your accounts, but it has certainly proven resilient over time.

Recommended Videos

Unfortunately, recent malware like HummingBad and Stagefright shows that folks are finding more ways to remotely access your phone and your messages, thus raising concerns over two-step verification. Furthermore, as Slate points out, services like Skype and Google Voice have become more popular over the years, putting into question how secure transmission protocols used by two-step verification systems are.

As a result, NIST suggests the use of alternative authenticators to ensure the integrity of such systems.

“Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators,” reads the government agency’s draft.

Based on the language of the draft, NIST wants agencies to avoid making new investments into two-step verification systems that use SMS messages, and instead invest in alternative solutions like biometrics and apps that create one-time codes. However, the agency also warns that the use of SMS messages “may no longer be allowed in future releases of this guidance,” putting into question whether there will be an expiration date on such uses.

Michael Garcia, deputy director of authentication research program NSTIC at NIST, reaffirmed the draft’s language regarding SMS-based two-step verification systems, saying that alternative solutions should be considered if entities are at a point of reinvestment.

“We’re not saying federal agencies drop SMS, don’t use it anymore,” Garcia told Slate. “But, we are saying, if you’re making new investments, you should consider that in your decision-making.”

Overall, NIST’s draft does not mean much for people with digital accounts right now, but do not be surprised if, in time, companies like Google and Apple no longer want to send you one-time codes and, instead, opt for different, more secure methods of accessing your accounts.

Williams Pelegrin
Williams is an avid New York Yankees fan, speaks Spanish, resides in Colorado, and has an affinity for Frosted Flakes. Send…
Forget Pro Max iPhones and Ultra Samsungs, the best phone I’ve used in years is the humble Pixel 9
Person holding the Google Pixel 9.

A few weeks ago, I returned to my Google Pixel 9 to test Gemini’s next-gen AI features. It was hard letting go of the OnePlus 13,  arguably one of the most rewarding phones out there. Plus, given the “Pixel history,” I had prepared myself for a bumpy ride, just like the Pixel 8, and the Pixel 7 before it. 

To my surprise, the Pixel 9 fared a lot better. It feels snappier on Android 16, takes sharp pictures, and lasts all day easily. The only thing pulling it down? The sporadic bad apps and updates. It's not enough to consider a replacement, but it's certainly frustrating in bits and pieces. 

Read more
Want smart glasses? The Meta Ray-Ban Glasses are 20% off today
The front of the Ray-Ban Meta smartglasses.

If you've always been interested in smart glasses, you should take advantage of Amazon's offer for the Headliner style of the Meta Ray-Ban Glasses. From their original price of $329, they're on sale for a more affordable $263 following a 20% discount from the retailer. This is a limited-time deal though, so you may miss out on the savings of $66 if you take too long to think about it. We highly recommend proceeding with the transaction as soon as possible, as once this bargain is gone, we're not sure when you'll get another chance at it.

Why you should buy the Meta Ray-Ban Glasses

Read more
This might be the coolest way to charge an Apple Watch
Spigen's Apple Watch charger, based on the design of the iMac G3.

If you love a touch of nostalgia and have an Apple Watch, then this new charger from Spigen may well appeal. 

Joining Spigen’s C1 collection featuring accessories inspired by the design of classic Apple products, the Apple Watch Classic C1 charger sports the familiar look of Apple’s iconic iMac G3, which shook up the PC market when it launched in 1998. 

Read more