
NIST Prepares To Ban SMS-Based Two-Factor Authentication

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."

Comment Re:Encryption (Score 1) 314

Incorrect. Prolonged (non-routine) detentions must be based on reasonable suspicion. Even then, the duration of the detention must be limited to the time necessary to confirm or dispel that suspicion. And even if there is reasonable suspicion, under no circumstances can the duration exceed 48 hours without a judicial hearing.

Exactly. So expect to spend 47 hours and 59 minutes in jail and don't expect an apology after you pay a lawyer to help get you out.

Comment Re:They sound completely insane (Score 2) 326

I think of this a lot when I hear about atheism really "catching on." I wonder what percentage of the population has always thought the whole thing was nonsense and never wanted to spend the social capital (or the time in prison, depending on the culture) to say anything about it. That's why I can't really get all riled up about the "militant atheists" who supposedly mess everything up. The key service they offer is to provide cover to atheists to be honest about not believing.

It's also just like gay rights: Everybody hated gay people when nobody knew any of them. As soon as everybody had a totally normal friend who admitted to being gay, we stopped thinking it was a great idea to kick them around, resulting in more people coming out. We didn't just suddenly create a bunch of gay people over the course of a generation.

Comment Re:They sound completely insane (Score 5, Insightful) 326

Here's something I've often wondered: If you have a custom of throwing people who don't believe in the volcano god into a volcano, how long will it take after everybody stops believing in the volcano god for somebody to ask, "So do we all really still believe this stuff?"

I'm thinking it might be a pretty long time.

Comment Re:Consciousness is not the same thing as free wil (Score 1) 280

It's only in the last decade or so that experiments have shown our thoughts can and do have a strong influence on the DNA that builds and maintains the brain and nervous system. In other words our thoughts can turn our genes on and off, when it gets the switches stuck in a self-destructive combination it drives us towards extreme behaviours which we call "mental illness". Philosophically I think Hofstadter's "I am a strange loop" and "Godel, Escher, Bach" present the most convincing model of consciousness as an emergent property of the mind-boggling complexity of the feedback mechanisms in a living organism. He also makes a very strong case for the impossibility of a mind that's even theoretically capable of fully understanding itself.

Comment Re:Somebody didn't get the memo... (Score 1) 280

Well said, I would actually be more concerned if radiologists never found any systematic errors in their models. From the summary it sounds like a very interesting experiment, I think the "free will" angle is just click bait. What they appear to have done is use a clever mental trick to help them understand how the brain responds to and controls the two big optical sensors hanging off the front of it

Comment Re: Why not? (Score 2) 351

Actually, a lot of the more popular effective ones are pretty benign to humans. Roundup has very low acute toxicity and "may" cause cancer with heavy, chronic exposure (kind of like coffee and sawdust). The Bt toxin that everybody freaks out about in GMO plants is extremely specific and has a "natural" origin--so much so that organic farmers use it on their crops. It only becomes Satan incarnate when non-organic farmers use it.

Comment Re: So what is YOUR plan? (Score 4, Insightful) 406

Hopefully the desire to usher in the apocalypse is not shared by mainstream Republicans.

Unfortunately the same desire is shared by more than a few Republicans, they call it "the rapture". Their Christian god lifts them to heaven while everyone else burns, apparently the same god told Muslims a different story.

Comment Re:How good are the visual sensors on cop killbots (Score 2) 983

There are good people and bad people, good cops and bad cops, good programmers and bad programmers. How about we quit painting with such a broad brush?

Programmers aren't generally required to police other programmers, and the job description for "black person" doesn't entail policing other black people. The job description for "police officer" does include enforcing the law, and they do an appallingly bad job of that when the person committing the crime is another police officer. Obviously, that doesn't mean it's morally right to shoot random police officers, but there absolutely is culpability far beyond the "few bad apples" who actually get caught doing bad things.

It always kind of amazed me that the police unions use the phrase "a few bad apples" all the time to describe those guys. Do they not know what the rest of that fucking saying is and what it means?
