The unstated point here is that SMS as a second factor very often leads to companies using SMS as an alternative factor. This is what makes giving companies your mobile number for SMS 2FA a risky proposition.