NIST has not been recommending SMS OTP 2FA for a while precisely because of SMS inbox takeovers, MITM attacks, etc. https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html Most IDaaS vendors, Duo, etc. offer geofenceable push notification mobile app tokens with OTP generators for offline use. Almost all (except RSA) have OATH, TOTP, and HOTP compatibility, so that you can use VendorA’s […] …read more