Two-factor authentication, using a phone call or SMS text as the second factor, seemed like such a neat idea. But it turned out to be far too easy to hack. And here’s the proof <https://arstechnica.com/information-technology/2018/08/password-breach-teaches-reddit-that-yes-phone-based-2fa-is-that-bad/>: The 2FA protecting the Reddit accounts, however, relied on OTPs sent through SMS messages, despite reports over the years (such as this one <https://arstechnica.com/information-technology/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/>) that make it amply clear they are susceptible to interception. Seems like the only reasonable option for a second authentication factor is dedicated hardware security keys.