Multi-factor authentication (MFA) continues to embody both the best and worst of business IT security practice. Survey: 99.9% of compromised accounts did not use MFA at all and only 11% of enterprise accounts are protected by some MFA method. The biggest problem with MFA has to do with its most common implementation: using SMS one-time passcodes. Recent attacks and incidents show that security professionals have more work to do in securing two-factor and multi-factor implementations.”]
Source: https://www.csoonline.com/article/3620223/how-to-hack-2fa.html