[tallanvor]

From a security perspective, it seems you're only confirming that whoever is trying to log in has access to the phone number - not a specific SIM card. So right away it doesn't appear to offer any benefits over other MFA options out there, and is certainly less secure than some of them.

The cost per authentication is high, and even if that weren't a concern, I'd certainly never advocate for a solution that I can't even test since my country isn't on the supported list.

Finally, getting locked out of my servers if your endpoint goes down is a hard pass. I can't really imagine anyone seriously considering implementing this type of access control to servers.