I had my Uber account hacked even though it had SMS 2FA enabled (from Russia as best I could tell). Now maybe there was some flaw in Uber's implementation but I don't trust SMS 2FA. Talk to any competent security researcher - SMS 2FA is only mildly better than no 2FA.
The fact that cellular traffic to this day isn't encrypted properly[1] even though LTE was supposed to should indicate just how horrible cellular providers are at infosec & what happens when they drive security requirements.
The fact that cellular traffic to this day isn't encrypted properly[1] even though LTE was supposed to should indicate just how horrible cellular providers are at infosec & what happens when they drive security requirements.
[1] https://arstechnica.com/information-technology/2018/06/lte-w...