G Suite administrators can now prevent enterprise users from using SMS and voice codes as their second authentication/verification factor for accessing their accounts.
The ability to disable those two options will be made available in the next two weeks to admins using any of the G Suite editions.
Why and how?
It has been known for quite a while that additional authentication via SMS and voice codes is the least secure option for 2-factor authentication, as the method is vulnerable to malware attacks (e.g., malicious apps), social engineering (e.g., an attacker convinces the mobile operator to redirect the traffic meant for the victim’s mobile phone to the attacker’s device), and attacks exploiting flaws in telephony signaling protocols.
