
Many [1]. Some examples, my comments in parentheses:

- Out-of-Band Authenticators (mobile app over secure channel)

- Single Factor OTP Device (like an OATH push-button, enter 6-digit code TOTP device)

- Single Factor Cryptographic Devices (insert into computer)

(among others)

[1] https://pages.nist.gov/800-63-3/sp800-63b.html#sec5



Which is a real shame. SMS might not be perfect, but it's a real help when I don't have a better means handy. It's better than no 2FA, and it's saved my butt a few times when I get a text message saying "Here is your login code" and I'm out walking in the park.

I get a new phone every year, and Google Authenticator sucks for that, but it's by far the second most common 2FA provider. I just got a new phone today, and had to go disable 2FA on all my accounts then re-enable it to generate a new code. SMS is always a good fallback in my experience.


> SMS might not be perfect, but it's a real help when I don't have a better means handy. It's better than no 2FA

If used exclusively as a second factor, yes, it's better than nothing. However, many systems also allow you to use a phone as a password recovery system, which makes it much worse than no 2FA. Many people have had every account they own broken into, starting with a social-engineering call to their cell service to get their number moved to a new SIM/phone, followed by a reset of their email, followed by a reset of everything else.


I use 1Password for time-based one time passwords. They're very upfront about the limitations, and I'm comfortable with the tradeoff, especially since it has eliminated the hassle of setting up Google Authenticator repeatedly.

https://blog.agilebits.com/2015/01/26/totp-for-1password-use...


I use Authy - it's been a life-saver for having various phones get replaced, broken, reset, flashed during dev, etc.


You can buy a Yubikey, use the Yubikey Authenticator instead of the Google Authenticator, it's more secure by far, and you can use any Android device at any time.

Or use a cloud-based system, LastPass Password Manager for example does this. Authy does the same thing.


I got a U2F key, which neatly solves the problem as long as you have a USB port. The integration into the browser makes it painless and fast to use.

Adding bluetooth to work with mobile devices would make it a complete solution.

Edit: corrected U2FA to U2F.


How does a U2F key help you? Most places don't support U2F.

Bluetooth and NFC are standardized, and the first products are out. I really hope U2F and UAF are gonna 'make it' in the market.


I think it's crucial for Gmail, because the popularity of email-based verification means that if you lose your email account you lose everything. Including the presidency, in John Podesta's case!

I also use it for Bitbucket and GitHub, but I take your point and also hope it becomes a widespread standard.


SMS 2FA is only as strong as your voicemail password.


That's why I always save the QR codes to an encrypted image on my HD.


Also "Single Factor Cryptographic Software", which I think means client certificates.



