I’ve been discussing the importance of two factor authentication and now it’s the time to move further into changing your security behavior.
Ditch the SMS and never use voice calls. Go to an app, I like Authy but Google authenticator, Microsoft authenticator, Lastpass and others have it as well.
This is what I see in the normal person landscape of authentication.
Banking – many still use texting but they also watch IP addresses for fraud and behavioral tools.
Credit cards also use texting but they’ve been dealing with purchase behavior analysis for a long time.
Healthcare offices – it’s rare to see those that use 2FA at all, although I’ve seen a few begin. It’s a bit weird because they won’t communicate over email (understandable) but when they have a portal it’s not protected and the main care providers use it as an afterthought.