Drop SMS for 2FA: "we learned that SMS-based authentication is not nearly as
secure as we would hope, and the main attack was via SMS intercept. We point
this out to encourage everyone here to move to token-based 2FA."
https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/