My school is moving away from SMS 2FA. Is this overkill?

Question

My university is shifting away from allowing SMS as a 2FA option for accounts starting in March. I'm aware that there is now a well known "hack" that involves rerouting SMS 2FA texts to an attacker's own device, but that requires quite a bit of targeting to do, so I'm wondering if there's something I may be missing for the reason to shift away from SMS.I'm especially curious considering large corporations like JP Morgan are still using SMS 2FA.Is it really necessary at this point to move away from SMS authentication?

stop50 · Accepted Answer

ever heard of sim-swapping attacks? Some of them are done using the ss7 protocol, so the attacked sim still works and is harder to detect unless you are the attacked provider