Authentication Failure

You're the CSO at a medium-sized social network. It's not nearly the size of, say, pre-Musk Twitter, but it's very influential because of its user base: politicians, journalists, major business leaders, etc. In fact, it's subscriber-supported rather than ad-supported: people pay to join. Because of this, your predecessor decided to require two-factor authentication and chose SMS messages.

You now have incontrovertible evidence that the scheme has somehow been subverted, though you don't know precisely how (but of course there are many ways). The Board of Directors—composed of business people, not techies—is unhappy. You have to write a memo to them, maximum of two pages, explaining:

• What went wrong.
• Why your predecessor may have made that decision? (The Board had approved 2FA but left the details to the CSO and there are no records explaining the rationale for using SMS.)
• What you plan to convert to, and why. 
• Remember that your clientele is non-technical, very busy, and uses a wide variety of devices, primarily iPhones and Windows PCs, but with some Macs, Android phones, and maybe the odd Linux box.

Again: two pages max, written for a semi-technical audience. You may, if you wish, submit up to one additional page justifying some decisions.

This homework must be submitted via Courseworks as a PDF file. To permit anonymous grading, DO NOT put your name on the PDF file. However, you MUST put your group number on the page.