The point of SMS 2FA is not security and never has been.

The point of SMS 2FA is tracking.

It's to force you to give them your phone number, for their own marketing, but also selling your customer profile to companies like Palantir.

This also makes the government happy, because they can scoop up your SMSs and they get a nice handy list of every service you use which makes warrants easier, but also gives them info about when you log in or do other actions on those accounts.

SMS 2FA costs these companies far more than TOTP would, but they still use SMS 2FA. That tells you everything you need to know...