1. Mobile

Could two-step verification through texts go the way of the dodo?

By

nest two step verification
The number of websites and services using two-step verification to secure accounts has increased over the years — yet the National Institute of Standards and Technology’s latest proposal might put a halt to the verification method.

In its mainstream incarnation, two-step verification (also known as multi-factor authentication and two-factor authentication) works by sending you a one-time code through SMS when logging into one of your digital accounts. In theory, even if someone has your username and password, they cannot access your account without access to your phone. Two-step verification is not the end-all, be-all solution that will forever safeguard your accounts, but it has certainly proven resilient over time.

Unfortunately, recent malware like HummingBad and Stagefright shows that folks are finding more ways to remotely access your phone and your messages, thus raising concerns over two-step verification. Furthermore, as Slate points out, services like Skype and Google Voice have become more popular over the years, putting into question how secure transmission protocols used by two-step verification systems are.

As a result, NIST suggests the use of alternative authenticators to ensure the integrity of such systems.

“Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators,” reads the government agency’s draft.

Based on the language of the draft, NIST wants agencies to avoid making new investments into two-step verification systems that use SMS messages, and instead invest in alternative solutions like biometrics and apps that create one-time codes. However, the agency also warns that the use of SMS messages “may no longer be allowed in future releases of this guidance,” putting into question whether there will be an expiration date on such uses.

Michael Garcia, deputy director of authentication research program NSTIC at NIST, reaffirmed the draft’s language regarding SMS-based two-step verification systems, saying that alternative solutions should be considered if entities are at a point of reinvestment.

“We’re not saying federal agencies drop SMS, don’t use it anymore,” Garcia told Slate. “But, we are saying, if you’re making new investments, you should consider that in your decision-making.”

Overall, NIST’s draft does not mean much for people with digital accounts right now, but do not be surprised if, in time, companies like Google and Apple no longer want to send you one-time codes and, instead, opt for different, more secure methods of accessing your accounts.

Editors' Recommendations

The 99 best movies on Hulu right now

John Travolta in The Taking of Pelham 123.

How to set up two-factor authentication on Twitch

Twitch Logo

The 100 best Android apps (October 2021)

best Android apps

What is WhatsApp?

whatsapp

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Intel now says the chip shortage may not ease up until at least 2023

Intel CEO Pat Gelsinger delivers the Day 1 closing keynote at IAA Mobility

Best cheap laser printer deals for October 2021

brother dcp l250dw laser printer amazon deal monochrome

Fortnite season 8, week 6 challenge guide: Containment Specialist

Containment Specialists from Fortnite.

How to kill the Breaker in Back 4 Blood

The Breaker towers over common zombies in Back 4 Blood.

Best Verizon new customer deals for October 2021

Verizon 5G Super Bowl

Latest iPhone SE 3 rumors contradict previous ones

iPhone SE

How to get free stuff on Amazon in 2021

Amazon Black Friday deals

Leaked Samsung Galaxy Tab S8 renders show sleek design similar to the S7

Samsung Galaxy Tab A7.