Security News > 2022 > September > Why 2FA is failing and what should be done about it
That configuration is 2FA sent over SMS. The accounts using 2FA via a password app like Authy or Google's Authenticator have never had any problems.
2FA via an authenticator app isn't nearly as simple to crack.
Many organizations understand that getting users to enable 2FA is already a losing proposition.
No, it's not perfect, and even authy-type 2FA can be hacked, but they aren't hacked at nearly the level of SMS 2FA. Knowing that, it never ceases to amaze me that so many websites and services still depend on SMS 2FA codes.
It's time banks and other important services dropped SMS 2FA codes and migrated users to authorization app-type 2FA. What should consumers do?
Yes, there is a steeper learning curve to app-based 2FA codes, but most consumers and users would acclimate fairly quickly to the method if given a reason.