I find it hilarious that so many people are defending SMS-based 2-factor authentication as "good enough". In just the past month I have seen two very large YouTube channels hacked (boogie2988 and LinusTechTips) even though they were both using SMS-based 2FA. How is this possible? Two-factor authentication is supposed to be much more secure. They were with two completely different cell phone companies, but the same ridiculously simple social engineering attack was used successfully in both cases. Someone calls the cell company and says, "Hi, I'm boogie2988, I lost my phone, can you transfer my number to a new phone please?" From there it's a simple process to take over the person's accounts using 2FA, because the SMS verification now goes to the attacker's phone. This simple attack worked even though boogie2988 had already been under attack via this method for weeks and had spoken with Verizon and received specific assurances that they would protect his phone number. LinusTechTips were hacked using the same simple attack on a different cell company. The cell phone companies have shown they are totally incompetent at protecting people's phone numbers from being transferred to an attacker, therefore SMS-based 2FA has been revealed as a total joke. If you're using SMS-based 2FA you would actually be better off not using 2FA at all and just using frequently-changed and randomly-generated long passwords. It is literally safer to NOT use SMS-based 2-factor authentication.