The US National Institute for Standards and Technology is updating its Digital Authentication Guideline <http://www.theregister.co.uk/2016/07/24/nist_says_sms_no_good_for_authentication/>. Responding to recent cases where SMS-based two-factor authentication systems were hijacked to rack up charges on premium-rate phone numbers, it is now saying that sending a text message is no longer good enough. At least the service sending the messages needs to be sure they are going to a real mobile phone. Interestingly, it is posting review documents on GitHub, as an addition to the usual publication channels.