Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html
NIST is no longer recommending two-factor authentication systems that use SMS, because of their many insecurities. In the latest draft of its Digital Authentication Guideline, there’s the line:
[Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance.