Overview
NIST.SP.800-63C is a National Institute of Standards and Technology Best Current Practice for Digital Identity Guidelines for Federation and Assertions.
The NIST.SP.800-63C recommendation and its companion documents, NIST.SP.800-63, NIST.SP.800-63A, and NIST.SP.800-63B, provide technical guidelines to Credential Service Providers for the implementation of remote authentication.
SMS Deprecated
NIST.SP.800-63C states that Short Message Service (SMS) should no longer be used in two-factor authentication (2FA).
There are problems with the security of SMS delivery, including:
- malware that can redirect text messages
- attacks against the mobile phone network (such as the so-called SS7 hack)
- Phone Number Portability Exploit
- Phone ports, also known as SIM swaps, are where your mobile provider issues you a new SIM card to replace one that’s been lost, damaged, stolen or that is the wrong size for your new phone.