The FIDO Alliance is urging calm as the tech world grapples with the National Institute of Standards and Technology’s proposal to designate SMS authentication as a deprecated security mechanism. In a guest post for the Alliance, FIDO advisor and Managing Director of The Chertoff Group Jeremy Grant explains that this new stance represents not a dead end for security, but progress.
As Grant points out, NIST stopped supporting the Data Encryption Standard in 2004, only to replace it with the Advanced Encryption Standard; and in 2006 it ditched the SHA-1 hash functions in favor of SHA-2. In other words, security technologies get old, and they get replaced by stronger ones. It’s a normal part of the IT security cycle, and it’s what is starting to happen with SMS.
So what will replace SMS? Grant points to the emergence of secure root systems, such as the Trusted Execution Environments that are now built into many devices; and to biometric sensors. Together, they represent “a remarkably significant development in the market”, allowing for “stronger authentication solutions that blow away legacy SMS and OTP in both security and usability.” The FIDO Alliance is advocating for these more advanced security technologies, and the market is embracing biometrics, with one recent report suggesting that in 2018, all smartphones shipped will feature such technology.
SMS is on its way out, but even stronger security is on its way in.