[davros]

The article says 'hence the best solution to fix this temporaily is to disable 2FA on Google via texts or phone calls, and enable Google Authenticator based 2FA, if you think your telco may be vulnerable.' I suppose you would also need to remove any 'backup' ohone numbers or the attacker could request a 2F code to them?

[jwr]

Actually, I find it amazing that people still consider phone calls and SMS messages as trusted channels.

I fought long and hard with my bank to avoid using SMS one-time codes to confirm transactions, and I lost (stayed on paper lists of one-time codes as long as I could).