The hackernews published an article about new NIST standard, declaring SMS- baset 2-factor authentication not to be secure any more. The insecurity is partly caused by risk of misuse of lost / stolen headset, and partl by bad design of signalling protocol SS7 (widely used in mobile network). NIST recommends to use biometry instead.