
GitHub and many other sites support TOTP 2FA. These create a key which is used by a TOTP app to generate a time-based code which is used. This is generally considered better than SMS codes as it's harder for someone else to hijack. There are loads of TOTP apps, Google Authenticator is a popular one, but lots of password managers like 1Password and co also support it.

I use my password manager for 2FA for low value accounts. High value ones I use a separate mobile app. I only use SMS when the service forces me to because they don't support anything else.

The risk here is of course that if your password manager is compromised, your second factor has no security value. For some cases people might be okay with that. In many cases I'm more concerned about a password being leaked rather than my password manager being compromised. For anything with significant value to me, I use a separate 2FA app though. In this case if my password manager was compromised, 2FA gives me some added security.



