Overview#
NIST.SP.800-63C is a National Institute of Standards and Technology Best Current Practice for Digital Identity Guidelines for Federation and Assertions. The NIST.SP.800-63C recommendation and its companion documents, NIST.SP.800-63, NIST.SP.800-63A, and NIST.SP.800-63B, provide technical guidelines to Credential Service Providers for the implementation of remote authentication.
NIST.SP.800-63C includes that SMS is Deprecated#
Short Message Service (SMS) should no longer be used in two-factor authentication (2FA). There are problems with the security of SMS delivery, including:
- malware that can redirect text messages
- attacks against the mobile phone network (such as the so-called SS7 hack)
- Phone Number Portability Exploit
- Phone ports, also known as SIM Swaps, are where your Mobile Network Operator issues you a new SIM card to replace one that’s been lost, damaged, stolen or that is the wrong size for your new phone.
More Information#
There might be more information for this subject on one of the following:
- Assertion
- Attribute references
- Federation
- Level Of Assurance
- NIST.SP.800-63
- NIST.SP.800-63-3
- Web Blog_blogentry_100916_1