by lrvick
3080 days ago
The threats against SMS are not advanced. ESN porting attacks are still -easy- in the US and I have personally had to be a first responder due to an administrator at an employer being hit by it. Suddenly you lose your 2FA backup to everything and an attacker resets all your passwords and takes over all your accounts. Any aging Windows XP machine at a corner cell phone store has permission to port your number. Even if that gets fixed, in the USA all cell service providers are required to retransmit a message with A5/1 encryption if asked, which can be intercepted and decrypted with Wireshark, a $20 USB TV tuner, and 2TB of disk space for rainbow tables. Seriously, SMS is downright dangerous as a 2FA method and it is idiotic that vendors support it as a password reset method. You are better off using nothing at all over SMS to avoid a remote account takeover... or use something that -can't- be remotely stolen like a hardware TOTP/U2F device.