This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
NIST.SP.800-63C
NIST.SP.800-63C

Version management

Difference between version and

At line 1 added 20 lines
!!! Overview
[{$pagename}] is a [National Institute of Standards and Technology] [Best Current Practice] for [Digital Identity] Guidelines for [Federation] and [Assertions]
[{$pagename}] recommendation and its companion documents, [NIST.SP.800-63], [NIST.SP.800-63A], and [NIST.SP.800-63B], provide technical guidelines to [Credential Service Providers] for the implementation of remote [authentication].
!! [{$pagename}] includes that [SMS] [Deprecated]
[Short Message Service] ([SMS]) should no longer be used in [two-factor authentication (2FA)|Multi-Factor Authentication].
There are problems with the security of [SMS] delivery, including:
* [malware] that can redirect text messages
* [attacks] against the mobile phone network (such as the so-called [SS7 hack])
* [Phone Number Portability] [Exploit]
* Phone ports, also known as [SIM Swaps], are where your [Mobile Network Operator] issues you a new [SIM] card to replace one that’s been lost, damaged, stolen or that is the wrong size for your new phone.
In many countries it is unfortunately far too easy for criminals to convince a [Mobile Device] store to transfer someone’s phone number to a new SIM and therefore hijacking all their text messages.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [800-63-3|https://github.com/usnistgov/800-63-3/tree/post-public-comment/sp800-63c|target='_blank'] - based on information obtained 2016-07-09
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop