Gregory's Server@SwiftOnSecurity the thing that sucks most about this is that many legacy financial system players, including essentially all banks, treat SMS or phone call-based 2FA as implicitly trustworthy and there's no way to tell them to stop using it for your account(s).
@freeagent @SwiftOnSecurity In Germany, many large (=legacy in your words, I guess) banks have deprecated and removed SMS a while ago. Instead, they offer 2FA either through their own (proprietary) apps or through hardware (bank card + proprietary reader device such as this one: https://shop.reiner-sct.com/tan-generatoren-fuer-sicheres-online-banking/tanjack-photo-qr-2708014000-1506 )