The worst thing here is there are genuinely people who are afraid of 2FA because they see headlines about how 2FA over SMS is dangerous, and they (as well as the writers in some cases, to be fair) don't understand that the "over SMS" part is the crux of it, not the 2FA part. It doesn't even make sense. You don't even need extra infrastructure to do it properly. It costs you more money to send an SMS. Just don't!