I sort of disagree. With social engineering, it could be easier to reset someone's password with a SIM swap than traditional means. For many years, PayPal refused to do true 2FA and I cringed at having to choose between no 2FA or SMS-based. Phone numbers are much easier to source through public records than many people realize. As someone who has had the same primary cell phone number since I was a teenager, I’m honestly shocked it isn’t in more places (I’ve taken great pains to limit it getting out, but I’m still shocked). That scares me enough to almost get a second number, but that’s such a pain in the ass and not a great solution.
That's not really on the table though. We are not talking about your local tech illiterate bank here. We are talking about securing your Google account which is likely used to SSO authenticate with many other accounts.