It’s time to ditch SMS-based 2 Factor Auth
Phone numbers are not reliable. Phone numbers can be hijacked. Phone numbers change.
Phone numbers stop working when you are traveling and not roaming. Phone numbers don’t work when you are using in-flight Wi-Fi. Phone numbers can stop receiving text messages/calls for a million of other reasons, effectively either (1) locking users out of an account or (2) compromising the account altogether.
And, as last week has shown, something that was registered as a 2FA number can potentially be used for completely non-security reasons.