One of the most common ways of using two-factor authentication (2FA) is by having a code sent via SMS. The US National Institute for Standards and Technology, which sets the standards for authentication software, is now saying that using SMS is not secure and that those who are using this method will have to figure out another way.
While the NIST guidelines cannot be forced, most major companies do follow them. This suggests that Apple will more than likely drop SMS authentication altogether.
Apple’s current options for authentication are:
- a code sent to a trusted device (iPhone, iPad, iPod Touch or Mac)
- a phone call to a trusted phone number
- a code sent by SMS to a trusted phone number
As most of us know, Apple introduced a new authentication method in iOS 10 and macOS Sierra. Apple’s current method used in iOS 9 and OS X El Capitan is two-step verification. With the new method, two-step authentication, SMS is bypassed altogether.