SMS-based 2FA is really "security through obscurity". It's "good enough" (generously said) if you happen to not piss anyone off or be someone's target. Otherwise, not so much. I don't think enabling SMS-based 2FA will pose any problem for China to hack back into OPM for instance, and yet I think that's one of their "fixes" right now.
Google's Authenticator is also useless as now Gmail allows you to bypass the Authenticator when you can't authenticate with it for whatever reason, and go straight to using SMS 2FA instead, which brings us back to point one.
http://www.zdnet.com/article/invasive-phone-tracking-new-ss7...
SMS-based 2FA is really "security through obscurity". It's "good enough" (generously said) if you happen to not piss anyone off or be someone's target. Otherwise, not so much. I don't think enabling SMS-based 2FA will pose any problem for China to hack back into OPM for instance, and yet I think that's one of their "fixes" right now.
Google's Authenticator is also useless as now Gmail allows you to bypass the Authenticator when you can't authenticate with it for whatever reason, and go straight to using SMS 2FA instead, which brings us back to point one.