allowing users to add an extra layer of authentication by forcing users to enter a code sent to their phone upon an attempted login. The truth is, SMS-based authentication was never secure.