I’ve always thought SMS-based 2FA had a funny smell. Even before hearing that SS7 is fucked.
I wonder how hard it is to integrate Google Authenticator into your service. I can understand why they wouldn’t want to rely solely on it but I’d use it everywhere it’s available.
