NIST.SP.800-63C is a National Institute of Standards and Technology Best Current Practice for Digital Identity Guidelines for Federation and Assertions

NIST.SP.800-63C recommendation and its companion documents, NIST.SP.800-63, NIST.SP.800-63A, and NIST.SP.800-63B, provide technical guidelines to Credential Service Providers for the implementation of remote authentication.

NIST.SP.800-63C includes that SMS Deprecated#

Short Message Service (SMS) should no longer be used in two-factor authentication (2FA).

There are problems with the security of SMS delivery, including:

In many countries it is unfortunately far too easy for criminals to convince a Mobile Device store to transfer someone’s phone number to a new SIM and therefore hijacking all their text messages.

More Information#

There might be more information for this subject on one of the following: