
Security: Why SMS 2FA Is Not Safe

We have always recommended that our customers turn on 2FA to protect their email accounts. The safest option is to use an authenticator, such as the Google Authenticator mobile app (or the single-use Authenticator built into the 1Password app), instead of the much less secure option of a code sent by SMS text message.

Is a strong password not enough?

While a strong password has become the norm nowadays, the extra level of security from two-factor authentication (2FA) will go much further in protecting your account from hackers.

A password alone is no longer enough. It is much safer to use a specific device, such as an authenticator app on your mobile phone, than to have a code texted to your phone number.

Why is it unsafe?

Hackers can call your phone company pretending to be you. If they convince the help desk to redirect your messages to a different SIM card, you will be in for months or even years of headaches.

How else do they do it?

Hackers have also found a way to use flaws in the SS7 protocol that underpins SMS to trick your phone network into thinking their device is your phone.

Have further questions? Shoot us an email at support@sanebox.com.