Now NIST is agreeing 2FA over SMS is bad.

https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/?n...