Exactly this. The concerns about SIM swapping are real but simply do not apply in 99.999999% of cases. It's an extremely targeted attack. Adoption rates of SMS are higher than other more secure methods like authenticator apps, and given the choice of no 2FA and 2FA SMS, you obviously should pick the latter and understand it isn't bulletproof. I find it difficult to come up with any argument otherwise.
I think there is this false idea that if SMS was not an option, people would gravitate to authenticators and other such solutions. I've provided technical support trying to get supposedly technical people to use these tools, and trust me, there are huge hurdles of adoption here. The amount of people that are unable to enter 6 digits into a prompt within 15 seconds is astounding.
Passwordless solutions are cool, and I have implemented them, but are extremely prone to footguns.
I think there is this false idea that if SMS was not an option, people would gravitate to authenticators and other such solutions. I've provided technical support trying to get supposedly technical people to use these tools, and trust me, there are huge hurdles of adoption here. The amount of people that are unable to enter 6 digits into a prompt within 15 seconds is astounding.
Passwordless solutions are cool, and I have implemented them, but are extremely prone to footguns.