Wait - I was disagreeing with the GP's assertion that SMS-only was a good idea, so I think we very much agree. Maybe you meant to respond to my parent post?
IMO a shared-secret OTP app is certainly not unbreakable but is more secure than SMS.
SMS is known to be easily subpoenaed and universally stored while believing in a widespread OTP app trojan-horse requires some form of tinfoil-hattery. Both are still orders of magnitude more secure than single-factor authentication anyway and hence I believe both should be included in a reasonable 2-factor authentication solution.
Personally I can't adopt an SMS-only 2-factor solution due to service issues anyway.
IMO a shared-secret OTP app is certainly not unbreakable but is more secure than SMS.
SMS is known to be easily subpoenaed and universally stored while believing in a widespread OTP app trojan-horse requires some form of tinfoil-hattery. Both are still orders of magnitude more secure than single-factor authentication anyway and hence I believe both should be included in a reasonable 2-factor authentication solution.
Personally I can't adopt an SMS-only 2-factor solution due to service issues anyway.