BigWP Security Keys
1 like535 views
The document discusses guidelines for the use of telephone numbers for out-of-band authentication. It states that using the public switched telephone network (PSTN) for out-of-band verification is restricted, and if used the verifier must confirm the number is associated with a specific device. It also notes that verifiers should watch for risk indicators like device swaps before using the PSTN to deliver authentication secrets. Changing a pre-registered number is considered binding a new authenticator and can only be done as described in the guidelines.
BigWP Security Keys
- 6. know
- 7. are
- 8. have
- 23. NIST Special Publication 800-63BDigital Identity Guidelines Authentication and Lifecycle Management
- 24. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
- 25. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
- 26. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
- 27. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
- 36. os in-browser u2f support macOS iOS Linux Android Windows USB ✔ ✘ ✔ ✘ ✔ Bluetooth ✘ ✔ ✘ ✔ ✘ NFC ✘ ✘ ✘ ✔ ✘
- 44. WebAuthn
- 51. dongleauth.info
- 58. SSH
- 60. Many graphics from The Noun Project Computer by Azis; Credit card Gonzalo Bravo; Email by Bryn Taylor; Fingerprint by Ben Davis; Lock with keyhole by Brennan Novak; Nokia 3310 by Stan Fisher; Shield by Wayne Thayer; Star by Thays Malcher; Warning by Icomatic.