Could two-step verification through texts go the way of the dodo?

The number of websites and services using two-step verification to secure accounts has increased over the years — yet the National Institute of Standards and Technology’s latest proposal might put a halt to the verification method.

In its mainstream incarnation, two-step verification (also known as multi-factor authentication and two-factor authentication) works by sending you a one-time code through SMS when logging into one of your digital accounts. In theory, even if someone has your username and password, they cannot access your account without access to your phone. Two-step verification is not the end-all, be-all solution that will forever safeguard your accounts, but it has certainly proven resilient over time.

Unfortunately, recent threats like HummingBad and Stagefright show that folks are finding more ways to remotely access your phone and your messages, thus raising concerns over two-step verification. Furthermore, as Slate points out, services like Skype and Google Voice have become more popular over the years, calling into question how secure the transmission protocols used by two-step verification systems are.

As a result, NIST suggests the use of alternative authenticators to ensure the integrity of such systems.

“Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators,” reads the government agency’s draft.

Based on the language of the draft, NIST wants agencies to avoid making new investments in two-step verification systems that use SMS messages, and instead invest in alternative solutions like biometrics and apps that create one-time codes. However, the agency also warns that the use of SMS messages “may no longer be allowed in future releases of this guidance,” raising the question of whether there will be an expiration date on such uses.

Michael Garcia, deputy director of authentication research program NSTIC at NIST, reaffirmed the draft’s language regarding SMS-based two-step verification systems, saying that alternative solutions should be considered if entities are at a point of reinvestment.

“We’re not saying federal agencies drop SMS, don’t use it anymore,” Garcia told Slate. “But, we are saying, if you’re making new investments, you should consider that in your decision-making.”

Overall, NIST’s draft does not mean much for people with digital accounts right now, but do not be surprised if, in time, companies like Google and Apple no longer want to send you one-time codes and, instead, opt for different, more secure methods of accessing your accounts.

Williams Pelegrin
Former Digital Trends Contributor