You're incorrectly assuming that you can predict a site will never allow password reset via SMS only.
You can check if they appear to allow it today. Not perfectly, as they may have multiple variants and depending on other factors you might get presented with one or the other.
But you have no way to predict if next month a PM there decides their current password reset was too cumbersome and they change it to SMS-only. If you had a phone# on file, you're now suddenly vulnerable.
You can check if they appear to allow it today. Not perfectly, as they may have multiple variants and depending on other factors you might get presented with one or the other.
But you have no way to predict if next month a PM there decides their current password reset was too cumbersome and they change it to SMS-only. If you had a phone# on file, you're now suddenly vulnerable.