YubiKeys are supposed to be great. I don't have one myself — been mulling it over, but not sure if I need one since I have an authenticatior app on my phone. If anyone thinks I should though I'm all ears!
But isn't the point of 2FA that it's OK to have each of the factors individually be (relatively) insecure—passwords being about as insecure as imagineable for most users—as long as no-one is likely to have access to both of them? Thus, it's OK if someone can read your texts, as long as they don't also know your passwords.
Hackers have stolen large amounts of cryptocurrencies from individual targets because they used SMS 2FA. (If probably more money than I've ever had counts as large.) You might not be as juicy a target, but if you're reading HN I guess you're at least mildly interesting these days, this being the cyberpunk future.