jspωiki
NIST.SP.800-63C
Your trail: 

Overview#

NIST.SP.800-63C is a National Institute of Standards and Technology Best Current Practice for Digital Identity Guidelines for Federation and Assertions

NIST.SP.800-63C recommendation and its companion documents, NIST.SP.800-63, NIST.SP.800-63A, and NIST.SP.800-63B, provide technical guidelines to Credential Service Providers for the implementation of remote authentication.

NIST.SP.800-63C includes that SMS Deprecated#

Short Message Service (SMS) should no longer be used in two-factor authentication (2FA).

There are problems with the security of SMS delivery, including:

  • malware that can redirect text messages
  • attacks against the mobile phone network (such as the so-called SS7 hack)
  • Phone Number Portability Exploit
  • Phone ports, also known as SIM swaps, are where your mobile provider issues you a new SIM card to replace one that’s been lost, damaged, stolen or that is the wrong size for your new phone.
In many countries it is unfortunately far too easy for criminals to convince a mobile phone store to transfer someone’s phone number to a new SIM and therefore hijacking all their text messages.

More Information#

There might be more information for this subject on one of the following:
This page (revision-13) was last changed on 21-Feb-2017 11:17 by jim Top

Main page
About
Recent Changes
Tools Page

Lead Pages#

WikiEtiquette
Find pages
Unused pages
Undefined pages
Page Index
News


Site Maintained By -jim

Costs of Wiki

Donations#

If you like Ldapwiki, please consider a donation.

Donation for LDAPWiki


Active Sessions60
Uptime33d, 6h 34m 0s
Number of pages15380

JSPWiki v2.10.1
jspωiki
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!
JSPWiki v2.10.1