Two-factor authentication (2FA) requires a second proof of identity beyond your password. Even if your password is compromised, an attacker still cannot access the account without the second factor.
Not all 2FA is equal. SMS-based 2FA can be intercepted via SIM swapping or SS7 attacks. It is better than nothing, but the weakest form.
Authenticator apps such as Aegis on Android generate time-based codes locally, with no network transmission. Substantially more secure than SMS. Use them wherever available.
What it means in practice
SMS-based 2FA is better than nothing but is vulnerable to SIM swapping and SS7 interception. Authenticator app 2FA (Google Authenticator, Authy) is significantly more secure. Hardware keys (YubiKey) are the strongest option for accounts that justify it. In divorce situations, SMS codes sent to a compromised phone number should be treated as already intercepted — switch to an authenticator app from a clean device.
Related articles
Digital privacy checklist before filing for divorce. — Deleting evidence vs protecting yourself. — Assume your devices are already compromised.