I did wonder why I got an email from Coinbase yesterday: "We strongly recommend you update your second-factor verification to Google Authenticator. Authy and SMS are vulnerable to phone porting attacks. [...] as of July 31, 2017, we will be requiring that all customers with significant balances use an Authenticator app as their second-factor verification."