SMS two-factor authentication may be flawed, but it’s still worth using if it’s the only practical alternative.