The use of SMS two-factor authentication (2FA) remains popular despite its flaws because it offers a balance between security and usability. The main reasons for its persistence are that most people can receive text messages, making onboarding easy, and that 96% of Americans have a mobile phone capable of receiving texts. Additionally, SMS 2FA is still effective in blocking automated bots, phishing attacks, and targeted attacks, according to Google research. However, it has limitations, such as being vulnerable to SIM swap attacks and requiring users to opt-in for maximum security benefits. To address these weaknesses, businesses should consider offering a spectrum of 2FA options, including authenticator apps and push authentication, especially for high-value accounts and targets like celebrities or activists.