SMS-based two-factor authentication may be headed out the door
SMS messaging for two-factor authentication might become a thing of the past. A U.S. federal agency is discouraging its use.
The National Institute of Standards and Technology is pushing for the change. Its latest draft of its Digital Authentication Guideline, updated on Monday, warns that SMS messages can be intercepted or redirected, making them vulnerable to hacking.
Many companies, including Twitter, Facebook, and Google, as well as banks, already use the phone-based text messaging to add an extra layer of security to user accounts.
It works like this: To access the accounts, the user not only needs the password, but also a secret code sent by the company by text message. Ideally, these one-time passcodes are sent to a designated phone number to ensure no one else will read them.