Usually, when you activate the two-step authentication in any app or service you’re using, one of the options that you use is for them to send you an SMS message to confirm your identity. But that may soon be gone as the US National Institute for Standards and Technology is planning to drop that option from the latest draft of the Digital Authentication Guideline. They are citing that SMS is “relatively insecure” and so should not be used to authenticate a person’s identity or account.

Whatever is approved in the Digital Authentication Guide has to be followed by authentication software providers, so we may really see the SMS option ruled out when it comes to ascertaining whether you really are the user of a certain app or service. Reasons for this include the fact that the smartphone may not be in the possession of the actual owner or the SMS can actually be hacked by a VoIP (voice over internet protocol) service that is trying to gain access to your account.

In the draft of the Digital Authentication Guide, they stated: “[Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance.” What they’re still recommending to use is two-factor authentication that will be using secure applications or biometrics. The latter refers to fingerprint scanners for now, but later on, if rumors are true that the Galaxy Note 7 will have an iris scanner, then that can be used as well.

Two-step authentication may be a hassle for some people, but if you’re handling sensitive information or financial documents / items, then it is a better way to secure them. If the app or service you’re using has it, it would probably be a good idea to utilize it.

VIA: CNet

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.