The two step verification system is being used by banks, eMail providers and important or corporate sites, to make sure that who is longing to the site, is the real owner.
the problem lies in the SMS as a medium, its slow, not 100% reliable in all countries, very easy to capture it with cheap devices, not cheap enough.
What might be a better approach, or at least a second option, is an app that works in all smart phones, that uses SMS to verify the the phone its on, and that the number in the phone, is the one being used, and then all other sites can use it to verify the user, by sending to the app, encrypted messages and the app replying back.
Or by the site creates 2D bar-code, that has an encrypted message, and a link to send the verification to, like whatsApp web.
This will make the login verification much faster, no need to enter anything from the user, he just needs to capture the 2D barcode, and the rest is on the app.
also the site can ask the app for several security checks, like:
* a fresh picture of his fingerprint for fingerprint detection,
* a fresh picture of his face, for face-detection,
* several words to be spoken, for sound-detection,
* retina capture, for retina -detection,
* any new biometric mesures that the mobiles will have, like motion sensers to make sure he is alive, or vein capture.
and all of this, are done by the app, with less money sent to the app site, than to the SMS providers, and this will mean one App, multiple verification types.
plus, security measures and options can be changed every now and then, but SMS security/encryption, is non-existence.
and the analysis can be done on the mobile, or through the cloud AI services.
While there is still are large number of people having old non-smart phones, but its an option to be given for the users, if they have a smart-phone then they can go to a more secure option.
and this Idea can be done by the big players, Google,MS, Apple, Samsung, LG, LinkedIn, Cisco,…
this ideas sent to the big player.