Could two-step verification through texts go the way of the dodo?

nest two step verification
The number of websites and services using two-step verification to secure accounts has increased over the years — yet the National Institute of Standards and Technology’s latest proposal might put a halt to the verification method.

In its mainstream incarnation, two-step verification (also known as multi-factor authentication and two-factor authentication) works by sending you a one-time code through SMS when logging into one of your digital accounts. In theory, even if someone has your username and password, they cannot access your account without access to your phone. Two-step verification is not the end-all, be-all solution that will forever safeguard your accounts, but it has certainly proven resilient over time.

Unfortunately, recent malware like HummingBad and Stagefright shows that folks are finding more ways to remotely access your phone and your messages, thus raising concerns over two-step verification. Furthermore, as Slate points out, services like Skype and Google Voice have become more popular over the years, putting into question how secure transmission protocols used by two-step verification systems are.

As a result, NIST suggests the use of alternative authenticators to ensure the integrity of such systems.

“Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators,” reads the government agency’s draft.

Based on the language of the draft, NIST wants agencies to avoid making new investments into two-step verification systems that use SMS messages, and instead invest in alternative solutions like biometrics and apps that create one-time codes. However, the agency also warns that the use of SMS messages “may no longer be allowed in future releases of this guidance,” putting into question whether there will be an expiration date on such uses.

Michael Garcia, deputy director of authentication research program NSTIC at NIST, reaffirmed the draft’s language regarding SMS-based two-step verification systems, saying that alternative solutions should be considered if entities are at a point of reinvestment.

“We’re not saying federal agencies drop SMS, don’t use it anymore,” Garcia told Slate. “But, we are saying, if you’re making new investments, you should consider that in your decision-making.”

Overall, NIST’s draft does not mean much for people with digital accounts right now, but do not be surprised if, in time, companies like Google and Apple no longer want to send you one-time codes and, instead, opt for different, more secure methods of accessing your accounts.


These are the worst passwords of 2018. Is yours on this list?

Do you use a bad password that makes your online accounts easy to break into? SplashData has compiled a list of the top 100 worst passwords for 2018 and there are quite a few listings that were carryovers from prior lists.

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…

The most common Nintendo 3DS problems, and how to fix them

The Nintendo 3DS has seen its fair share of issues since it launched in 2011, including poor battery life and fragile Circle Pads. Here are some of the most common, as well as the steps you can take to solve them.

Encryption-busting law passed in Australia may have global privacy implications

Controversial laws have been passed in Australia which oblige tech companies to allow the police to access encrypted messages, undermining the privacy of encryption with potentially global effects.
Home Theater

Common AirPods problems, and how to fix them

Apple’s AirPods are among the best fully wireless earbuds we’ve seen, but they’re not perfect. If you’re having trouble, take a look at our guide to the most common problems and what you can do to fix them.

The LG V40 ThinQ, G7 ThinQ, and Watch W7 are discounted for the holidays

LG announced a series of deals for the holiday season where you can buy the company's two flagship phones, the V40 ThinQ and G7 ThinQ, as well as its latest smartwatch, for between $150 and $200 off, depending on the device.

Midrange phones can’t do A.I., but MediaTek’s P90 chip aims to change that

MediaTek has announced the Helio P90 mobile processor, which it says will bring the best A.I. features we see on high-end smartphones, to the mid-range. We spoke to the company about the chip.

5G’s arrival is transforming tech. Here’s everything you need to know to keep up

It has been years in the making, but 5G is finally becoming a reality. While 5G coverage is still extremely limited, expect to see it expand in 2019. Not sure what 5G even is? Here's everything you need to know.

Want to watch Netflix in bed or browse the web? We have a tablet for everyone

There’s so much choice when shopping for a new tablet that it can be hard to pick the right one. From iPads to Android, these are our picks for the best tablets you can buy right now whatever your budget.

McLaren puts the pedal to the metal in special-edition OnePlus 6T

The OnePlus 6T is yet another flagship killer smartphone, bringing powerful specifications to a much lower price than the competition. Now, OnePlus has teamed up with McLaren for the OnePlus 6T McLaren Edition.

G’day, Google: U.S. users can now give Assistant a British or Australian accent

U.S. Google Assistant users can give their Assistant a different voice. Google has updated Assistant with the ability for users to give it either a British or Australian accent, which could make it a little more personal for some.

Tune in to the best internet radio stations for your listening pleasure

Even in the streaming era, radio stations get some of the best exclusives and curate some of the finest handpicked playlists around. Here are the best internet radio stations, for your listening pleasure.

Microsoft’s latest patent paves the way for Andromeda dual-screen mobile device

The latest patent discovery from Microsoft showcases a new hinge design for quickly opening a dual-screen mobile device with a single hand. Could this be additional proof surrounding the rumors of the company's Project Andromeda device?

Need to record calls on an iPhone? Check out our handy guide

Are you wondering how to record calls on your iPhone? It isn't as easy as you might think, but we'll walk you through the process of doing so with Google Voice, and identify several other apps and external voice recorders that can help.