The advantage with the phone is that the web site operator can pawn off the difficult recovery part on your mobile provider (go there, show ID, get a new SIM).
IMO both the mobile provider and the web site operator should be jointly liable for damages resulting from SMS 2FA abuse. The mobile operator for giving access to your phone number to an unauthorized person, the web site operator for using a known insecure technique.
Both the number of successful hijackings and companies using SMS 2FA would drop drastically.
IMO both the mobile provider and the web site operator should be jointly liable for damages resulting from SMS 2FA abuse. The mobile operator for giving access to your phone number to an unauthorized person, the web site operator for using a known insecure technique.
Both the number of successful hijackings and companies using SMS 2FA would drop drastically.