The flaw lies largely with the weakest link: the phone system and the humans who run it.
Where are the flaws in two-factor authentication?
The Economist

Hackers have always been hijacking phone numbers. Kevin Mitnick used similar techniques in the 1980s. SMS became a weak substitute for “something you have” as the service became popular with consumers. SMS became a popular second factor because average people could believe in it, and vendors weren’t inclined to advertise its inherent weakness.

We won’t fix our authentication problems by fixing the phone system. It does its real job (communicating) fairly well. It’s not designed to authenticate people. As a long-time observer of authentication technology (see my 2002 book Authentication), I like the Apple approach or, better, the Google Authenticator.
