Most people who use two-factor authentication (2FA) use SMS-based 2FA on social media sites or business applications that require extra security. This adds a layer of security by requiring a password (something you know) together with a code sent to your cellphone (something you have). The US National Institute of Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline, which contains language hinting at a future ban on SMS-based 2FA.
The Digital Authentication Guideline (DAG) is a set of rules and guidelines used by most software companies to build secure services, and by government agencies and private companies to assess the security of their software and IT services. NIST experts are constantly updating the guidelines, in an effort to keep pace with the rapid changes in technology.
NIST officials are discouraging companies from using SMS-based authentication, even saying that SMS-based 2FA might be considered insecure in future versions of the guideline. They argue that SMS-based two-factor authentication is an insecure process because the user may not always be in possession of the cellphone.