SMSで多要素認証はダメだよ (ってもう2016年のむかしはなしかw
https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html
Schneier on Security · NIST is No Longer Recommending Two-Factor Authentication Using SMS - Schneier on SecurityNIST is no longer recommending two-factor authentication systems that use SMS, because of their many insecurities. In the latest draft of its Digital Authentication Guideline, there’s the line: [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance.
最近の資料もありました (2024-12-18)
Mobile Communications Best Practice Guidance
https://www.cisa.gov/resources-tools/resources/mobile-communications-best-practice-guidance
Cybersecurity and Infrastructure Security Agency CISAMobile Communications Best Practice Guidance | CISA