NIST Declares Two-Factor Authentication Using SMS Texts Insecure

By eWEEK Staff  |  Posted 2016-07-28 Print this article Print

DAILY VIDEO: NIST says SMS-based two-factor authentication isn't secure; the UK approves Amazon's plan to run delivery drone tests banned in the U.S.; IBM bolsters its all-flash storage lineup with DeepFlash 150; and there's more.

Czech Police Arrest Alleged LinkedIn Hacker

DAILY VIDEO: Czech police apprehend alleged LinkedIn hacker; Intel gets a boost in lengthy appeal of...

Yahoo's Earnings Exceed Expectations but Ad Revenue Still Eroding

DAILY VIDEO: Yahoo's earnings report shows ad revenue is still eroding; Intel's record Q3 revenue is...

Snowden Offers Grim Assessment of State of Internet Security, Privacy

DAILY VIDEO: Edward Snowden gives his take on security...

FAA's Samsung Galaxy Note7 Flight Ban Poses Challenges for Travelers

DAILY VIDEO: FAA's Samsung Galaxy Note7...

Salesforce No Longer Plans to Pursue Twitter Acquisition

DAILY VIDEO: Salesforce withdraws from contention to acquire Twitter; HP to cut another 3,000 to...

Samsung Releases Details on How to Exchange Defective Note7 Phones

DAILY VIDEO: Samsung releases Note7 return details following its recall; what the new update process...

HP, Lenovo Vie for Top Spot in a Consolidating Global PC Market

DAILY VIDEO: HP closes in on Lenovo in a consolidating global PC market; Intel launches its first...

Samsung Permanently Halts Note7 Smartphone Production

DAILY VIDEO: Samsung ends Note7 smartphone production permanently after fires; Odinaff Trojan is...

U.S. Claims Russia Was Behind Election System, DNC Hacks

DAILY VIDEO: The U.S. blames Russia for hacking election systems and DNC; more plaintiffs join Apple...

Samsung Note7 Fire in Southwest Airlines Jet Under Investigation

DAILY VIDEO: Samsung investigating Note7 fire in Southwest Airlines jet; how Yahoo handled government...

Read more about the stories in today's news:


Today's topics include a government agency's report that two-factor authentication via SMS is insecure, the United Kingdom's decision to allow Amazon to test its drone delivery service, the newest addition to IBM's all-flash storage offerings and Edward Snowden's idea for a mobile phone case that guards against electronic snooping.

While Google has encouraged users to enable two-step authentication within Google Apps, to add "an extra layer of security," the U.S. National Institute of Standards and Technology updated it Digital Authentication Guidelines July 27 and now reports that two-factor verification over SMS isn't secure and should be banned.

The institute wrote, “If the out-of-band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VOIP (or other software-based) service.

"It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change."

NIST does approve, however, of authentication via multi-factor one-time passwords, where the second authentication factor is biometric, like a fingerprint, or input with an entry pad or interface such as through a USB port.

Amazon and British aviation authorities have reached agreement on a series of tests of drones designed to deliver packages to customers.

The new drone tests will include operations beyond the line of sight of the operator, which currently is prohibited in the United States. Other tests will include sensor performance to test whether the drones can see and avoid obstacles, and tests on how well one operator can control multiple drones.

Amazon plans to try out a number of different drone designs and delivery mechanisms, said Kristen Kish, an Amazon spokesperson. However, she wasn't willing to go into too many details about the company's research.

A year and a half ago, IBM announced its commitment to developing its own NAND flash storage lineup by investing a full $1 billion into research and development for this storage technology.

The results of that initiative continue to emanate from Armonk, N.Y., and they will for a while to come. Big Blue on July 26 unveiled its latest all-flash array, the DeepFlash 150, designed to process big data workloads in a cost-effective manner. With the DeepFlash 150, IBM now offers a flash array portfolio that covers almost all types of workloads.

Edward Snowden, the fugitive former National Security Agency contractor who is wanted in the U.S. for leaking classified U.S. government information about the agency's operations and capabilities in 2013, is now at work designing a special iPhone 6 case that aims to prevent data interception by snoopers, such as governments' spy agencies.

Snowden, along with colleague Andrew "bunnie" Huang, recently unveiled – by teleconference - the special case concept at a one-day "Forbidden Research" conference at the Massachusetts Institute of Technology's Media Lab.

Snowden proposes the special case to help protect high-profile journalists from being spied upon by foreign governments as they cover stories, the story reported.

The special case is essentially a protective hardware device that would wrap around an iPhone and "alert a person whenever that handset leaked location data.”


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel