[_-david-_]

2FA over SMS is the least secure option. It is free to use more secure options.

[jwestbury]

Not having 2FA at all is the least secure option. SMS-based MFA is better than no MFA, and, to be honest, I'm not sure I trust most people to keep track of MFA tokens and apps. Heck, I don't even fully trust myself to keep track of my yubikeys.