@L0G1S @SwiftOnSecurity I really, really prefer non-sms based 2fa. Once they've got your phone and email, most services will allow attackers to do password resets without anything else. They're the twin keys of the castle and in most cases you only need one or the other. I've seen so many people get owned top to bottom because of this shit. Hardware tokens all the way.