An unsecured server has resulted in tens of millions of SMS messages being exposed, and along with it password reset links, two-factor authentication codes, shipping notifications, and more.

Apple streamlined two-factor login confirmations via text message in iOS 12 and macOS 10.14 Mojave. But using SMS to validate your login remains problematic because of phone number hijacking. Apple should lead the way to retire it.

Facebook is sending its two-factor authentication users text messages they don’t want. This situation provides yet another reason why you should use a dedicated app for generating two-factor authentication codes instead of SMS.