SMS as a two-factor authentication method will soon be discouraged, according to draft guidelines from US standards body.