>Who are these people in the tech. departments making these decisions ?
They aren't in the tech department; it's being forced downwards in many cases, often by the company "selling" the 2FA "solution".
Some cases you get a rare CTO who actually understands and cares, but that's rare.
The main point of attack would be the companies selling 2FA solutions to enterprise; they need to add non-SMS options and market on them - which may require a few more high profile SMS hacks to get it in front of everyone.
So maybe the solution is for techies to hack SMS 2FA (don't actually do this).
They aren't in the tech department; it's being forced downwards in many cases, often by the company "selling" the 2FA "solution".
Some cases you get a rare CTO who actually understands and cares, but that's rare.
The main point of attack would be the companies selling 2FA solutions to enterprise; they need to add non-SMS options and market on them - which may require a few more high profile SMS hacks to get it in front of everyone.
So maybe the solution is for techies to hack SMS 2FA (don't actually do this).