If you use 2FA for your wallets, SMS verification is NOT safe!

Avatar for SpiritWalker
3 years ago
Topics: Wallet, Security

If you use 2FA on any wallet service such as Coinbase, or on cryptocurrency exchanges, SMS is not a bulletproof solution and can leave you open to having your funds drained.

Why is SMS Not Safe?

If a hacker obtains your phone number and account password, they can sometimes try to hack into your account by calling your mobile phone operator and pretending to be you. If they succeed, they often port your number to a SIM they control.

Within minutes, while you are busy trying to call your provider and figure out what has happened, they will be logging into your account and draining it of funds! This has happened to other users. It happens more often than you think and is a serious security flaw.

What Can I Do About It?

A Low-Security Solution

There are some simple solutions. If your provider ONLY supports SMS 2FA, you should call your network provider and ask them to set up an account password/PIN that only you know and that is not used elsewhere. Ask for a note to be placed on the account stating that, unless that password/PIN is provided, they will not allow access without in-person ID at a store.

Lower security, but better than nothing.

Google Authenticator - A Medium Security Solution

Most online services support Google Authenticator. Electrum also supports this option in 2FA wallets. You simply install the Authenticator app, set up Google Authenticator on the service you are using, scan the QR code and you are done.

It is worth writing down the 2FA key or printing it on a known secure printer as a backup, and/or setting up more than one device with the QR code. This saves you the hassle of trying to restore access if you lose the app. The above has saved my skin a couple of times.

The above MUST be set up on a cleanly installed machine / live CD to ensure no viruses can pick it up while you are setting it up.

This is very secure, but if you are taken to a phishing site that looks like the real one, it may swipe your 2FA token when you key it in, so first ensure you are on the legitimate site.

U2F / YubiKey Style Hardware Token - A High-Security Solution

This is a USB hardware token that can be used with some services, including Coinbase. You can have one or more than one. This will act as a 2FA key that will not allow access unless it is plugged in. They can also be used with many phones through OTG USB adapters.

The advantage of these over Google Authenticator is that if you are taken to a phishing site, such as a fake Coinbase site that looks like the real one, it will not gain access to your real account: the phishing site will not have the keys to verify that it is Coinbase, so the token will not grant it access.

If you lose the key, you have to go through whatever process (if available) to reset your access such as proving ID. It is a good idea to use more than one.

Conclusion

Use SMS for 2FA if you have no other choice, but call your network to tighten your mobile number's account security. Use Authenticator today. If you are securing large sums of money or are paranoid, use a U2F / YubiKey, though when storing large sums of cryptocurrency, you should consider a hardware wallet such as Ledger.
