Is the SMS as identification soon out?

In the latest draft of its Authentication Guideline, the U.S. National Institute for Standards and Technology classifies SMS use as additional identification as not secure. Alternatives are entering the market.

© depositphotos

For security reasons, anyone who conducts their financial transactions via the virtual bank counter on their computer has to "identify" themselves several times when logging in. The Short Message Service (SMS) is still widely used as an additional form of identification. But not only for e-banking: SMS is also used for other applications with sensitive data. But according to Martin Fabini of the IT company ti&m the disadvantages of this identification are obvious. Fabini justifies this with the following "list of shortcomings": The mobile network as a transmission channel is insecure and the encryption is inadequate - it is at the level of 1999. In addition, an error-prone user input of the SMS code for reconfirmation opens the door to compromise of the procedure.

For Fabini, it's clear that the industry has the Recommendations of the US National Institute for Standards and Technology will follow. His IT company therefore assumes that the SMS procedure will become massively less important as a second means of identification.

Secure Voice biometrics as an alternative

As an alternative, the provider's experts therefore advocate a procedure that solves these weaknesses by scanning a QR code and then sending the token back in highly encrypted and automatic form. In addition, the local key material on the mobile device is secured by PIN or fingerprint. What's more, access to the key material can now also be secured using "voice biometrics". Just like fingerprints or the iris of the eye, each person's voice is unique. But the big advantage of "voice" over the other biometric methods is that you don't need a terminal device with a fingerprint scanner or a camera to identify yourself, writes ti&m. In addition, the voice identification process in e-banking takes place at the bank and not at the customer. Indisputably, this reduces opportunities for manipulation. (rs)

For more info: https://9to5mac.com/2016/07/26/sms-too-insecure-for-2fa/

(Visited 46 times, 1 visits today)
h2> More articles on the topic

SECURITY NEWS

Bleiben Sie informiert über aktuelle Sicherheitsthemen – praxisnah und zuverlässig. Erhalten Sie exklusive Inhalte direkt in Ihren Posteingang. Verpassen Sie keine Updates.

Jetzt anmelden!
anmelden
You can unsubscribe at any time!
close-link