2. It's just a little dev step away: http://blog.cmpxchg8b.com/2020/07/you-dont-need-sms-2fa.html . Phish kits will evolve, UX will still be bad, and phishing will still happen.
See also https://sakurity.com/blog/2015/07/18/2fa.html
Wow that's bad.
Here in Norway we use a system called BankID that uses the SIM in your mobile and it does it every time I log in.
And yes the login one might be every 90 days, but to do a transaction there might be an extra one
(yes Germany did away with paper tans (2fa codes) in 2019 yay - thankfully not all banks are that stupid)
2. It's just a little dev step away: http://blog.cmpxchg8b.com/2020/07/you-dont-need-sms-2fa.html . Phish kits will evolve, UX will still be bad, and phishing will still happen.
See also https://sakurity.com/blog/2015/07/18/2fa.html