Skip to main content

Could two-step verification through texts go the way of the dodo?

nest two step verification
Image used with permission by copyright holder
The number of websites and services using two-step verification to secure accounts has increased over the years — yet the National Institute of Standards and Technology’s latest proposal might put a halt to the verification method.

In its mainstream incarnation, two-step verification (also known as multi-factor authentication and two-factor authentication) works by sending you a one-time code through SMS when logging into one of your digital accounts. In theory, even if someone has your username and password, they cannot access your account without access to your phone. Two-step verification is not the end-all, be-all solution that will forever safeguard your accounts, but it has certainly proven resilient over time.

Recommended Videos

Unfortunately, recent malware like HummingBad and Stagefright shows that folks are finding more ways to remotely access your phone and your messages, thus raising concerns over two-step verification. Furthermore, as Slate points out, services like Skype and Google Voice have become more popular over the years, putting into question how secure transmission protocols used by two-step verification systems are.

As a result, NIST suggests the use of alternative authenticators to ensure the integrity of such systems.

“Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators,” reads the government agency’s draft.

Based on the language of the draft, NIST wants agencies to avoid making new investments into two-step verification systems that use SMS messages, and instead invest in alternative solutions like biometrics and apps that create one-time codes. However, the agency also warns that the use of SMS messages “may no longer be allowed in future releases of this guidance,” putting into question whether there will be an expiration date on such uses.

Michael Garcia, deputy director of authentication research program NSTIC at NIST, reaffirmed the draft’s language regarding SMS-based two-step verification systems, saying that alternative solutions should be considered if entities are at a point of reinvestment.

“We’re not saying federal agencies drop SMS, don’t use it anymore,” Garcia told Slate. “But, we are saying, if you’re making new investments, you should consider that in your decision-making.”

Overall, NIST’s draft does not mean much for people with digital accounts right now, but do not be surprised if, in time, companies like Google and Apple no longer want to send you one-time codes and, instead, opt for different, more secure methods of accessing your accounts.

Williams Pelegrin
Former Digital Trends Contributor
Williams is an avid New York Yankees fan, speaks Spanish, resides in Colorado, and has an affinity for Frosted Flakes. Send…
Apple’s latest Find My feature taps airlines to rescue lost luggage
Share Item Location feature introduced with iOS 18 beta 2 update.

Apple’s Find My platform for item location is one of the most lucrative elements of its ecosystem. Now, the company is introducing a new feature called Share Item Location, which allows users to securely share the location of any accessory (or item with an AirTag attached) with friends or commercial airline service providers.

To that end, the company has joined hands with over 15 airline service providers operating across North America, Australia, Asia, and Europe to help passengers locate their lost items. The airline partners will kick-start their respective tracking assistance services in the coming months.

Read more
Give your brain a workout using music and this EEG wearable
A promotional image for the Alphabeats app and Muse headband.

Alphabeats, a company that uses music to give your brain a workout, has returned after its initial launch earlier this year with a new partnership that makes the technology more accessible to more people. It has teamed up with Muse to integrate its unusual training method into the brand’s high-tech headbands with built-in electroencephalogram (EEG) sensors.

Muse wearers will be able to use the Alphabeats app to play music, which is tuned to their brainwaves and then adapted to create a high-intensity interval training-style workout for the mind, training it to improve focus, promote relaxation, or to meditate. Your brainwaves are tracked by the Muse headband and visualized in the Alphabeats app, while the headband comes with a new feature called the Brain Recharge Score, which allows you to understand how your brain is reacting to stress and demanding tasks over time.

Read more
I compared Apple’s and Samsung’s AI photo editing tools. There’s a clear winner
The Samsung Galaxy S24 Ultra and Apple iPhone 16 Pro Max's screen.

Apple has joined the AI game with Apple Intelligence, finally catching up to its competitors in that department. And with the iOS 18.1 update in October, most people who have a compatible iPhone can finally use those Apple Intelligence tools, including Clean Up.

The Clean Up tool in the Photos app is basically Apple’s version of Google’s Magic Eraser or Samsung’s Object Eraser. Back when I compared Magic Eraser and Object Eraser, Samsung’s tool was the better of the two. So, how does Apple’s Clean Up compare? Let’s find out.
The limitations of object removal tools

Read more