Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1679
Views
0
Helpful
1
Replies

NIST Shouted, Who Listened? Analyzing User Response to NIST's Guidance on SMS 2FA Security

aielder
Cisco Employee
Cisco Employee

‎12-02-2016 08:54 AM

In late July 2016, SMS was formally declared undesirable and not recommended by National Institute of Standards and Technology (NIST). While not enough time has passed to draw a definitive conclusion, it appears Duo SMS-based authentications have not declined significantly despite this declaration. It’s encouraging, however, that Duo Push (a more user-friendly and secure method) has been consistently increasing in use. Duo also encourages U2F as more services begin to support it as a secondary authentication method.

Click here for further information about NIST’s recommendations, see data from Duo and more in this blog by Mayank Saha.

Labels:
0 Helpful
1 Reply 1

ajcutler53
Level 1
Level 1

‎12-13-2016 07:20 AM

When I read about the NIST recommendation on SMS in late July, I contacted DUO to make sure they were aware, and then removed SMS authentication as an option for our 500+ DUO users.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents