It is generally recommended that users enable two-factor authentication where possible. This is because it prevents your accounts from being hacked even if the attacker were to know your password, but this isn’t to say 2FA is very secure either.
This is because there is a method of attack known as a SIM swap attack in which the attacker, with your personal details, requests that your phone number be transferred to their SIM. This in turn would allow the attacker to then gain access to any OTPs that are sent as a result of enabling 2FA.
The good news is that it looks like T-Mobile is finally doing something about it. A report from The T-Mo Report has revealed that T-Mobile is getting ready to launch support for Number Transfer PIN (NTP). This is a PIN that users need to generate for themselves first, so that whenever they decide to port a number out to a different carrier, they will need to type in this PIN to authenticate themselves.
This will prevent attackers from pulling off SIM swap attacks because even though they might have all your personal information that a carrier typically requests, as long as they do not have the NTP, their attempt will not be successful. Other carriers such as Verizon and AT&T have already enabled NTPs, so it looks like T-Mobile is the last of the major carriers to do so.
Source: The T-Mo Report
Comments