SMS Two-Factor Auth Is Broken; The Rest of 2FA Is Fine
A SIM swap attack stole someone's bank access in under 10 minutes. The lesson is not that two-factor authentication is useless. It is that SMS is the wrong channel and always was. App-based TOTP and hardware keys sit entirely outside the SIM swap threat model.
By Devon Reyes · 3 min read