{"id":364,"date":"2016-08-15T11:09:46","date_gmt":"2016-08-15T11:09:46","guid":{"rendered":"https:\/\/eset-blog.aist.fun\/nist-its-time-move-on-from-sms-2fa\/"},"modified":"2019-05-29T12:33:08","modified_gmt":"2019-05-29T12:33:08","slug":"nist-its-time-move-on-from-sms-2fa","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/","title":{"rendered":"NIST: It\u2019s time move on from SMS 2FA"},"content":{"rendered":"

SMS-based two-factor authentication (2FA) should be phased out, according to the National Institute of Standards and Technology (NIST) at the US Department of Commerce.<\/p>\n

In its most recent Digital Authentication Guideline<\/a> \u2013 draft version \u2013 the federal technology agency explained that this is because there are risks with this approach.<\/p>\n

NIST stated that as SMS messages can be \u201cintercepted and redirected\u201d, SMS 2FA will not be as secure as it should be.<\/p>\n

\u201cImplementers of new systems should carefully consider alternative authenticators,\u201d it advised.<\/p>\n

This includes 2FA that uses one-time passwords (OTP), as well as hard token or push authentication.<\/p>\n

As ESET\u2019s senior research fellow David Harley has previously stated<\/a>: \u201cOne-time passwords<\/a> and tokens are much more secure, especially when implemented in hardware as a two-factor authentication measure.\u201d<\/p>\n

Recognition of 2FA\u2019s value is increasing throughout the world, with more and more organizations looking to invest in this additional layer of security.<\/p>\n

In recent years, well-known technology firms, such as Apple, Twitter, Google, Facebook andSnapchat<\/a> have been advocating the use of 2FA.<\/p>\n

It\u2019s important to remember that 2FA still requires users to be vigilant and ensure that their devices and accounts have strong and complex passwords in place.<\/p>\n

In fact, in place of passwords, individuals should consider passphrases \u2013 \u201clonger, more complex and easy to remember<\/a>\u201d, they are harder to crack.<\/p>\n

Source: WeLiveSecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

SMS-based two-factor authentication (2FA) should be phased out, according to the National Institute of Standards and Technology (NIST) at the US Department of Commerce. In its most recent Digital Authentication Guideline \u2013 draft version \u2013 the federal technology agency explained that this is because there are risks with this approach. NIST stated that as SMS messages<\/p>\n","protected":false},"author":5,"featured_media":1700,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[162],"tags":[],"class_list":["post-364","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"yoast_head":"\nNIST: It\u2019s time move on from SMS 2FA - ESET Eesti Blogi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIST: It\u2019s time move on from SMS 2FA\" \/>\n<meta property=\"og:description\" content=\"SMS-based two-factor authentication (2FA) should be phased out, according to the National Institute of Standards and Technology (NIST) at the US Department of Commerce. In its most recent Digital Authentication Guideline \u2013 draft version \u2013 the federal technology agency explained that this is because there are risks with this approach. NIST stated that as SMS messages\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" content=\"2016-08-15T11:09:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-05-29T12:33:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Csehak-Szabolcs-623x432.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"623\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"NIST: It\u2019s time move on from SMS 2FA\",\"datePublished\":\"2016-08-15T11:09:46+00:00\",\"dateModified\":\"2019-05-29T12:33:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/\"},\"wordCount\":231,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Csehak-Szabolcs-623x432.jpg\",\"articleSection\":[\"news\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2016\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/\",\"name\":\"NIST: It\u2019s time move on from SMS 2FA - ESET Eesti Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Csehak-Szabolcs-623x432.jpg\",\"datePublished\":\"2016-08-15T11:09:46+00:00\",\"dateModified\":\"2019-05-29T12:33:08+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Csehak-Szabolcs-623x432.jpg\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/Csehak-Szabolcs-623x432.jpg\",\"width\":623,\"height\":432},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIST: It\u2019s time move on from SMS 2FA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2016\\\/08\\\/15\\\/nist-its-time-move-on-from-sms-2fa\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NIST: It\u2019s time move on from SMS 2FA - ESET Eesti Blogi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/","og_locale":"en_US","og_type":"article","og_title":"NIST: It\u2019s time move on from SMS 2FA","og_description":"SMS-based two-factor authentication (2FA) should be phased out, according to the National Institute of Standards and Technology (NIST) at the US Department of Commerce. In its most recent Digital Authentication Guideline \u2013 draft version \u2013 the federal technology agency explained that this is because there are risks with this approach. NIST stated that as SMS messages","og_url":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2016-08-15T11:09:46+00:00","article_modified_time":"2019-05-29T12:33:08+00:00","og_image":[{"width":623,"height":432,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Csehak-Szabolcs-623x432.jpg","type":"image\/jpeg"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"NIST: It\u2019s time move on from SMS 2FA","datePublished":"2016-08-15T11:09:46+00:00","dateModified":"2019-05-29T12:33:08+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/"},"wordCount":231,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Csehak-Szabolcs-623x432.jpg","articleSection":["news"],"inLanguage":"en-US","copyrightYear":"2016","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/","url":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/","name":"NIST: It\u2019s time move on from SMS 2FA - ESET Eesti Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Csehak-Szabolcs-623x432.jpg","datePublished":"2016-08-15T11:09:46+00:00","dateModified":"2019-05-29T12:33:08+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Csehak-Szabolcs-623x432.jpg","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/Csehak-Szabolcs-623x432.jpg","width":623,"height":432},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"NIST: It\u2019s time move on from SMS 2FA"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2016\/08\/15\/nist-its-time-move-on-from-sms-2fa\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=364"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/364\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/1700"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}