Two-factor authentication (2FA) using push text notifications has become the de-facto standard for login security. Bad actors have found a variety of ways to circumvent it, including phishing kits. Akamai recently published a blog post describing a phishing campaign that targeted banking customers in the UK by evading 2FA. Physical security keys introduce a new twist to 2FA, using a hardware-based key is a dongle you insert into your company laptop or other registered access device, authenticating the user.
Source: https://threatpost.com/mfa-rethinking-authentication-key/166136/