I was reading today about how people are successfully hacking into coinbase accounts with two factor authentication enabled. Supposedly hackers only need your phone number and your account to intercept the two factor message before it reaches your phone...

However, I did notice that coinbase is now doing a three step authentication.... first a phone message and then an email confirmation.