Since two-factor authentication became the norm for web services that care about securing your accounts, it’s started to feel like a security blanket, an extra layer keeping your data safe no matter whether your password is as strong as 8$&]$@I)9[P&4^s or as dumb as dadada.
But a two-factor setup—which for most users requires a temporary code generated on, or sent to, your phone in addition to a password—isn’t an invincibility spell. Especially if that second factor is delivered via text message. The last few months have demonstrated that SMS text messages are often the weakest link in two-step logins.
