[davidcamel]

Two thoughts from reading this article:

1. Yes, "porting attacks" (where an adversary convinces your carrier to port your phone number to his/her own) are a real threat. You can mitigate these somewhat by choosing a carrier that has a relatively strong porting procedure. Project Fi (Google) requires a temporary PIN generated by the user's Fi app, as well as logging in to one's Google account. I don't know what the other carriers require today, but this is less than what I experienced when I ported my number from Sprint years ago for example.

2. The author says that 2FA is overhyped, which is maybe true, but why don't more services allow physical devices (e.g. Yubikeys) to be used for 2FA? Often the phone number is the only choice offered for 2FA.