Mailing the story:
US standards lab says SMS is no good for authentication
America's National Institute for Standards and Technology has advised abandonment of SMS-based two-factor authentication. That's the gist of the latest draft of its Digital Authentication Guideline, here. Down in section 5.1.3.2, the document says out-of-band verification using SMS is deprecated and won't appear in future releases of NIST's guidance.