Word of warning if you know somebody who uses Bank of America: their customer support has a mechanism to push you a 2nd factor code over SMS and then they actually ask you for the code over the phone. The text message looks 99% identical to the 2nd factor code you get when normally logging in to your bank account.
Support does this to 'verify your identity' and authorize doing arbitrary things like even moving $100,000 out of your bank account.
Support does this to 'verify your identity' and authorize doing arbitrary things like even moving $100,000 out of your bank account.
And no, their security team won't fix this.