Hacker News new | past | comments | ask | show | jobs | submit login

Surprised nobody has mentioned NIST SP 800-63B §5.1.3.3.

SMS based authentication is explicitly insecure and not allowed.

https://pages.nist.gov/800-63-3/sp800-63b.html#pstnOOB




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: