Technology marches on.

So you know all those multifactor login thingies that want to send you an SMS to your phone with a code you have to type in? Yeah, they’re on the way out. Well, sort of.

The gist here is that sending one-time codes over SMS relies on the notion that SMS messages aren’t easy to intercept, either out of the air or on the target’s phone. That’s not as true as it used to be, hence NIST is recommending SMS-based OTPs be replaced by alternative systems (e.g. soft- or hard-tokens).

That being said, no security system is perfect, and SMS-based multifactor is certainly better than no multifactor at all, so. Yanno. Get on that.

2016-12-07T09:53:49+00:00 | 15th December, 2016 | Tags: infosec


  1. Vickie 16th December, 2016 at 9:56 am

    As a user with only surface understanding of SMS-based authentication, I didn’t mind it — until I went overseas and swapped an overseas sim card to the phone, but needed to recharge to activate said overseas sim card, but my bank sent a code to my original sim card, but I couldn’t take out overseas sim card to plug original sim card back in because I had to recharge overseas sim card… Ended up using my spare phone to complete the process. Contemplated getting a dual-sim phone for travel.

    Technology is for rich people.

    (Comment totally missed the point of the article.)

    • Alis 17th December, 2016 at 8:52 am

      It is a pain when travelling, yeah. Which TBH is probably also one of the reasons NIST deprecated it in favour of things like hard- and soft-tokens.
