This. SMS is a great second factor and is perfectly suitable to prevent the main attack that you want second factors to prevent: that is if your password appears in a password list for any reason it should stopp anyone from just running away with your account. Note that if you are targeted directly SMS is not going to help you much but in this case maybe your password can (depending on the capabilities of the attacker).
Now is SMS the best second factor? Of course not and a proper U2F token will be a lot more secure in many cases but for most people SMS should be perfectly suitable. All this of course requires the auth provider to be somewhat competent and not use SMS as an only factor in any circumstances.
Now is SMS the best second factor? Of course not and a proper U2F token will be a lot more secure in many cases but for most people SMS should be perfectly suitable. All this of course requires the auth provider to be somewhat competent and not use SMS as an only factor in any circumstances.