Cygilant Blog

SMS Not Recommended for Two-Factor Authentication Says NIST

Posted by Trevan Marden on Jul 29, 2016

In recent years, two-factor authentication has rapidly become a standard best practice for securing accounts. One of the most common ways to implement this is through SMS messages sent to a cell phone. For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account.  That sounds good. But, recently, flaws in the SMS system have been uncovered that render this method of two-factor authentication inadvisable. In fact, the National Institute of Standards and Technology (NIST) will recommend against its use as a two-factor method.

EiQ Networks in The Wall Street Journal

Posted by Shawn O'Brien on Sep 30, 2015


Continuous security monitoring has become the new norm for employers as they battle today's growing cyber security threats. Not only do they have to worry about threats from the outside, they have to be concerned about internal risk from employees as well. With so much to do in IT security already, how can employers alleviate some of the burdens? Working with EiQ Networks is an optimal way to resolve your company's IT security concerns because we have the right people, process, and technology in place to make it happen.

Securing Government Agencies at the Core

Posted by Vijay Basani on Jun 25, 2014

EiQ has been a longstanding provider to the government departments and agencies. We know that many government agencies and divisions are working on overtime to meet fundamental security standards outlined in the DISA’s Security Technical Implementation Guides (STIGs), NIST Special Publication 800-53, 8500.2, and AR25.2.   There’s no wonder why. A combination of insufficient or long-awaiting funding, political bickering, lack of clarity in the guidance and the lack of a real timeline for implementation has caused a lot of confusion and waste in time and money.  There is also so much hype around new technologies that will protect from the latest threat. Just considering what’s in the market now is full time job takes time and attention away from basic infrastructure management. Every week a new firewall, anti-malware, anti-spam, APT, AV, IPS promise to mitigate risk, thwart attack.

Most Recent Posts

Subscribe to Email Updates