NIST Kills SMS Texting as a Method of 2 Factor Authentication

The National Institute of Standards and Technology (NIST) is a unit of the US Commerce Department charged with developing and applying technical and administrative standards within many different public and private industries. NIST is the standards-writing authority that all data protection regulations follow. They have announced that SMS texting is no longer an accepted form of two-factor authentication (2FA). We have known for years that it was not secure, and NIST is now making it official by writing it into their new 800-63B standard.

Two-factor or multifactor authentication uses two of the three factors of authentication: something you know (such as a password), something you are (usually biometrics like a fingerprint), and something you have (smart card, badge, key fob).

If you currently have a USB token or an app on your phone that generates a password with a certain number of digits, which you use together with a known PIN, this is still very secure. The vulnerability comes in only when the code is sent to your phone by text message.

