A million two-factor authentication codes sent via SMS passed through an obscure third-party company. Here's how it happened and why it's a problem. Written by Lance Whitney, Contributor ...

The best way to mitigate this is to simply not use SMS-based authentication. 2FA apps are associated with your device, not your phone number, so they’re impervious to a SIM-swap attack.

There are several challenges tied to using SMS for two-factor authentication. Criminals can intercept messages by tricking mobile carriers into switching a phone number to a different device.