The University of SydneyPage 3Recap of Week 6–Exercise 10–What is the NIST recommendation in using SMS based authentication, e.g. one-timecode delivered over SMS?–“Currently, authenticators leveraging the public switched telephone network, including phone-and Short Message Service (SMS)-based one-time passwords (OTPs) are RESTRICTED.”•To account to the evolving threats, NIST places certain additional restrictions on authenticator types, specific classes or instantiations.
User manually enters OTC for authenticationUser initiates loginService generates OTCSMS with OTC
Validates OTC by the service1534Telco Service Providers2