SMS 2FA was put behind the paywall - ostensibly because they saw "bad actors" abusing it, but more likely because it costs money to send text messages and they're bleeding like a stuck pig thanks to Musk.
Also non sms 2FA is much more secure. Telecoms are famous for garbage security. There are naughty places on the web where you can essentially buy the privilege of taking over a targeted phone number courtesy of a compromised employee account. For instance T-mobile has reported major widescale breaches in 2023 and purportedly small scale breaches where an employee account is taken over and used to essentially sell control of customers phone number are much more common to the point there was a telegram channel set up specifically for this purpose and hearing "T-Mobile Up" was a common occurrence.
I have for instance entirely disabled SMS 2FA wherever possible and strongly prefer my yubikey.
michaelmrose|2 years ago
I have for instance entirely disabled SMS 2FA wherever possible and strongly prefer my yubikey.