Return to Answer

Your threat model (the largest surveillance state actor out there) has one benign consequence. Surveillance agencies do not like it when people know they are being watched (because then people change their behavior in less predictable ways). Thus, if your second factor cannot be intercepted in transit, or you can learn about its use very soon they will be unlikely to consider your authentication mechanism as the weakest link and candidate point of entry. They will try elsewhere (okay, this isn't as rosy as one could imagine - including the use of "rubberhose cryptoanalysis").

In most developed countries of the 'free world' (I can almost hear Eric Arthur Blair rotate in his grave) telecommunications operators are likely to be under 'gag orders' and can participate in active intercept efforts. Your phones may be cloned, and SMS-traffic may be undetectably altered. Last, but not least: there aren't any "airgapped" iPhones.

Your threat model (the largest surveillance state actor out there) has one benign consequence. Surveillance agencies do not like it when people know they are being watched (because then people change their behavior in less predictable ways). Thus, if your second factor cannot be intercepted in transit, or you can learn about its use very soon they will be unlikely to consider your authentication mechanism as the weakest link and candidate point of entry. They will try elsewhere (okay, this isn't as rosy as one could imagine - including the use of "rubberhose cryptoanalysis").

In most developed countries of the 'free world' (I can almost hear Eric Arthur Blair spin in his grave) telecommunications operators are likely to be under 'gag orders' and can participate in active intercept efforts. Your phones may be cloned, and SMS-traffic may be undetectably altered. Last, but not least: there aren't any "airgapped" iPhones.

Your threat model (the largest surveillance state actor out there) has one benign consequence. Surveillance agencies do not like it when people know they are being watched (because then people change their behavior in less predictable ways). Thus, if your second factor cannot be intercepted in transit, or you can learn about its use very soon they will be unlikely to consider your authentication mechanism as the weakest link and candidate point of entry. They will try elsewhere (okay, this isn't as rosy as one could imagine - including the use of "rubberhose cryptoanalysis").

In most developed countries of the 'free world' (I can almost hear Eric Arthur Blair rotate in his grave) telecommunications operators are likely to be under 'gag orders' and can participate in active intercept efforts. Your phones may be cloned, and SMS-traffic may be undetectably altered. Last, but not least: there aren't any "airgapped" iPhones.

Your threat model (the largest surveillance state actor out there) has one benign consequence. Surveillance agencies do not like it when people know they are being watched (because then people change their behavior in less predictable ways). Thus, if your second factor cannot be intercepted in transit, or you can learn about its use very soon they will be unlikely to consider your authentication mechanism as the weakest link and candidate point of entry. They will try elsewhere (okay, this isn't as rosy as one could imagine - including the use of "rubberhose cryptoanalysis").

In most developed countries of the 'free world' (I can almost hear Eric Arthur Blair rotate in his grave) telecommunications operators are likely to be under 'gag orders' and can participate in active intercept efforts. Your phones may be cloned, and SMS-traffic may be undetectably altered. Last, but not least: there aren't any "airgapped" iPhones.

Your threat model (the largest surveillance state actor out there) has one benign consequence. Surveillance agencies do not like it when people know they are being watched (because then people change their behavior in less predictable ways). Thus, if your second factor cannot be intercepted in transit, or you can learn about its use very soon they will be unlikely to consider your authentication mechanism as the weakest link and candidate point of entry. They will try elsewhere (okay, this isn't as rosy as one could imagine - including the use of "rubberhose cryptoanalysis").

In most developed countries of the 'free world' (I can almost hear Eric Arthur Blair rotate in his grave) telecommunications operators are likely to be under 'gag orders' and can participate in active intercept efforts. Your phones may be cloned, and SMS-traffic may be undetectably altered. Last, but not least: there aren't any "airgapped" iPhones.

Your threat model (the largest surveillance state actor out there) has one benign consequence. Surveillance agencies do not like it when people know they are being watched (because then people change their behavior in less predictable ways). Thus, if your second factor cannot be intercepted in transit, or you can learn about its use very soon they will be unlikely to consider your authentication mechanism as the weakest link and candidate point of entry. They will try elsewhere (okay, this isn't as rosy as one could imagine - including the use of "rubberhose cryptoanalysis").

In most developed countries of the 'free world' (I can almost hear Eric Arthur Blair rotate in his grave) telecommunications operators are likely to be under 'gag orders' and can participate in active intercept efforts. Your phones may be cloned, and SMS-traffic may be undetectably altered. Last, but not least: there aren't any "airgapped" iPhones.