As part of Apple’s two-step authentication service it’s possible for users to confirm their identity via an SMS sent to a trusted phone number.
That is about to change, however, according to the latest draft of the Digital Authentication Guideline, which reveals that the U.S. National Institute for Standards and Technology is set to ban all SMS-based two-factor authentication systems.
The reason? That SMS is far from a secure system, since the phone it’s sent to may not be in the original owner’s possession — while the message could also be hijacked be a VoIP (Voice over Internet Protocol) service.
“[Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance,” the relevant passage of the new Digital Authentication Guideline reads.
While Apple is bound to conform to whatever the Digital Authentication Guideline lays out, it’s worth noting that this isn’t the end of its (highly useful) two-step authentication service. Instead Apple will have to confirm user’s identities with other, more secure method — such as Touch ID.