2FA SMS is not obsolete because neither is a combination lock

<i>SMS are more likely to be read by the user compared to app notifications</i><p>is nothing safe from effing marketers? Not even authentication frontends in a security discussion are free from abusing it as a sticky communication channel.<p>It won&#x27;t be more likely to be read than app notifications when it&#x27;s as abused as app notifications, and we&#x27;ll all be worse off for it.

&gt; SMS-based 2FA also offers a unique proposition – it enables the web service to verify the user, as well as acquire a sticky and unique user identity (phone number) in a single swoop. This gives the web service a reliable channel to get the user’s attention.<p>No, just no.