The National Institute of Standards and Technology, which publishes guidelines, recently confirmed something security professionals have been saying for a number of years: SMS is not totally protected.

SMS is really a vulnerable two-factor authentication method, pointed out Michael Lynch, chief strategy officer for Boston-based digital device intelligence company InAuth. "SMS is frequently targeted by fraudsters, especially when it is used as some type of one-time code or verification."

NIST, the non-regulatory agency of the Commerce Department, specifically singled out the risk of SMS when used in 2FA in its latest draft of the Digital Authentication Guideline. NIST stated that SMS messages are vulnerable to interception and redirection. NIST made it clear in a blog that it was not yet banning use of SMS, only discouraging its use. The final guidelines, however, might discourage the use of SMS-based authentication for out-of-band verification.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for the Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).