The most familiar way to enable 2FA involves giving the app your phone number so it can text you a code when you log in from a new device. While this is a big jump up from no authentication, it is possible for hackers to impersonate or compromise your phone provider and get a hold of that code. According to Weidman, however, that’s pretty unlikely unless you’re a high-value target. “You’re going to be more likely to run afoul of hackers looking for sheer numbers,” she explains. “It’s unlikely they’re going to target you specifically since you’re not as valuable as someone like Elon Musk. It’s too much work.”
If you want maximum protection from 2FA, you can use a physical device such as Google Authenticator. There’s an increasing number of authenticator apps on the market, and choosing one adds another layer of decision making to the process.