SMS is not a second factor, despite many companies pretending that it is. I am alarmed at the number of large companies (especially banks!) that just blindly and stupidly follow the outdated advice of using SMS messages as 2FA.
So, MFA is great, if it is really multi-factor: TOTP through Authy or Google Authenticator, U2F or WebAuthn through a hardware key like a YubiKey.
SMS is not a second factor, despite many companies pretending that it is. I am alarmed at the number of large companies (especially banks!) that just blindly and stupidly follow the outdated advice of using SMS messages as 2FA.
So, MFA is great, if it is really multi-factor: TOTP through Authy or Google Authenticator, U2F or WebAuthn through a hardware key like a YubiKey.