And SMS should be retired completely for authentication, not simply deprecated as NIST did in SP 800-63B with companies like banks assuming full liability for losses to others if they continue with this unacceptably insecure mechanism.
"The lobby group for Australian telcos has declared that SMS technology should no longer be considered a safe means of verifying the identity of an individual during a banking transaction."
