I’ve never had to fear against any of the techniques. That may just be because of the type of user I am. I would like to say most of the vulnerability is not because of poor implementation, rather in poor UI design where users don’t know what PIN or two-layer SMS could mean. So when an imposter uses Social Engineering techniques, I feel people can easliy give out their dynamically generated SMS keys, without which things can get very difficult for low-tech attackers.