#17 SMS as a poor two-factor authentication choice
Multi-factor authentication (MFA) has followed the same trajectory as several other security solutions. It starts with critical work and enterprises and then trickles down to the masses. Almost every major web application like Gmail, Dropbox, etc. now supports two-factor authentication using text messages. All major browsers support hardware-based tokens using the FIDO U2F specification (described later). There has been an ongoing attempt to bake this inside the web specification itself.