The US National Institute of Standards and Technology (NIST) has released the latest version of its draft Digital Authentication Guideline, which includes guidance for greater security on the internet. The new version foreshadows a future ban on two-factor authentication using SMS (SMS Two Factor Authentication, or 2FA).
The new Digital Authentication Guideline (DAG) is a set of rules used by software manufacturers to build secure services, and by government and private agencies to evaluate service and software security.
NIST experts constantly update the guidelines in an effort to keep up with the changes in the IT field.
According to the latest version of the Digital Authentication Guideline (DAG), NIST officials seem to discourage companies from using two-factor authentication via SMS, saying SMS 2FA could be considered unsafe in future versions of the DAG.
The NIST DAG argues that two-factor authentication using SMS is a precarious process because the phone may not always be in the possession of its owner.
Also, because some VoIP services allow SMS messages to be hijacked, NIST officials encourage software vendors using SMS 2FA systems to check for VoIP connections before sending a 2FA code.
SMS as a protocol is widely considered unsafe. From time to time we have read about many weaknesses in the SMS protocol that allow data to be intercepted.