What Are the Alternatives to SMS Codes for Digital Security?

August 1, 2016 - 2 minutes read

Well, it’s happened — the hackers have gotten into the text messages. According to a new report from the National Institute of Standards and Technology, SMS codes are no longer sufficiently safe for use in two-factor authentication. This is big news for web and app developers alike, as the symbiotic relationship between our phones and desktops has been the go-to top security measure for users for some time now.

The question for app developers is: what are the alternatives? And what role will mobile play in the future of web security?

First, let’s quickly go over why NIST suggests phasing them out at all. First, the security of VoIP has become a concern. Long story short, VoIP providers aren’t all secure, so any message going over them is relying on their level of security for safety. Second, there’s a concern that SIM card spoofing can make it easy for hackers to acquire codes by navigating a carrier’s call center and impersonating the target user. Still an extra “step” in the hacking process, but not 100% secure.

Unfortunately, there’s no real “standard” that’s emerged outside of SMS codes for two-factor authentication. There are, however, some stronger methods that make hacking incidents much less likely.

Time-based codes are the strongest contender. Google is already doing this, with the Google Authenticator app. (Dongles are also sold for generating and confirming time-based codes, but for most users extra hardware isn’t a realistic option.) App developers can also be credited with using the built-in push notifications system on smartphones to generate more secure codes — as opposed to a plain SMS.

Ultimately, more security always means more hassle. Some users are even opting to use multi-factor authentication rather than rely on just an SMS to confirm their identity. The takeaway for NYC iPhone app developers is that security is a top concern for users. Don’t hesitate to add advanced security options to the settings — more users than you think will spend the time to use them.

Tags: , , , , , , , , , , , , , , , , , , ,