
Comment by swiftcoder

2 hours ago

> My main bank lets me use a one time code sent to my email as a second factor or SMS

Congratulations, your bank is still relying on the two most easily spoofed 2fac methods

The fact that they are easily spoofed is of no consequence for this use-case: entering an invalid 2FA code will simply fail to log you in to your banking. You should obviously not follow a link from an email that is not obviously coming from your request (and you should validate that the top-level domain is what it needs to be even in that case), but you should be entering the bank web site directly.

The bigger problem is SIM swapping, which is more of a social engineering attack.
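The comment's point is that an invalid one-time code simply fails, so a spoofed code on its own gets an attacker nowhere. What makes that hold in practice is the server side of the check: the code must expire, be usable once, be bound to the login session that requested it, and be limited to a handful of attempts so it cannot be guessed. The following is an added illustration of such a verifier, not code from the thread or from any bank; the class, constants and the injectable clock are assumptions for the example, and delivery of the code by email or SMS (and the phishing and SIM-swap risks the comment raises) is outside what it models.

```python
import hmac
import secrets
import time

# Added example: a minimal server-side one-time-code store.  Assumed values:
# a 6-digit code, a 5-minute lifetime and 5 guesses before the code is burned.
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


class OneTimeCodeStore:
    """Issues and verifies one-time codes bound to a login session id."""

    def __init__(self, clock=time.time):
        # The clock is injectable so expiry can be exercised deterministically.
        self._clock = clock
        # session_id -> [code, expires_at, attempts_left]
        self._pending = {}

    def issue(self, session_id):
        """Create a fresh code for this session; the caller delivers it out of band."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, session_id, submitted):
        """Return True only for the unexpired, unused code issued to this session."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # no code outstanding for this session
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[session_id]  # expired codes are discarded, not retried
            return False
        entry[2] -= 1  # every comparison, right or wrong, consumes an attempt
        if hmac.compare_digest(code, str(submitted)):
            del self._pending[session_id]  # single use: a replayed code fails
            return True
        if entry[2] <= 0:
            del self._pending[session_id]  # too many guesses: force a new code
        return False

    def outstanding(self, session_id):
        """True while a code is still pending for the session (for diagnostics)."""
        return session_id in self._pending


if __name__ == "__main__":
    store = OneTimeCodeStore()
    sid = "login-session-1"  # constructed session id
    code = store.issue(sid)
    print("wrong code accepted:", store.verify(sid, "000000" if code != "000000" else "999999"))
    print("right code accepted:", store.verify(sid, code))
    print("replay accepted:", store.verify(sid, code))
```

The two properties worth noting are that comparison uses `hmac.compare_digest` (so a wrong guess does not leak how close it was) and that the attempt counter is decremented before the comparison, so a 6-digit space cannot be enumerated within one code's lifetime.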