Retiring SMS-based two factor authentication