I’ve been travelling recently and it’s ridiculous how many banking or finance app will use SMS as a second step for login.
There are 2 big problems with this:
1) Usability: If you detected that my IP is out of the country, what are the odds that I’m not using my local SIM card?
2) SMS is super not secure!
Let me use an authenticate app or check if my machine has already logged in from my home country or something.