SMS-based Two-Factor authentication may soon not be adequate anymore
▻https://securityintelligence.com/news/sms-two-factor-authentication-time-to-trash-the-text
For example, smartphones infected with malware can secretly redirect texts to another device, while more enterprising criminals are calling up phone companies and impersonating their potential victims, convincing operators to re-route secure texts.
NIST is working on a draft Special Publication 800-63B : “Digital Authentication Guideline”
▻https://pages.nist.gov/800-63-3/sp800-63b.html
They suggest
that companies should always verify that the number they’re texting is a true mobile phone and “generate a random authentication secret with at least 20 bits of entropy using an approved random number generator.