The National Institute of Standards and Technology (NIST) released the latest version of the Digital Authentication Plan, including guidelines for more safety on the Internet. The new version announces the future ban on the two-factor authentication method using SMS (SMS Two Factor Authentication or 2FA).
The new Digital Authentication Guideline (DAG) is a set of rules used by manufacturers software to build secure services, as well as by government and private entities to assess the security of services and software.
NIST experts constantly update the guidelines in an effort to keep up with the changes in the IT field.
According to the latest version of the Digital Authentication Guideline (DAG), NIST officials seem to discourage companies from using two-way authentication via SMS, saying SMS 2FA could be considered unsafe in future versions of DAG.
The NIST DAG claims that the control Two-factor authentication using SMS is a risky process because the phone may not always be in the possession of its owner.
Also because some VoIP services allow SMS messages to be intercepted, NIST officials encourage software vendors that use SMS 2FA systems to audit VoIP connections before Mission one code 2FA.
SMS as a protocol is widely considered unsafe. From time to time we have read many weaknesses in the SMS protocol that allow data to be intercepted.