SMS 2-factor authentication isn't super secure because it's too easy to call a phone provider and do a SIM swap. It seems like a dedicated smartphone app is significantly better here? It's just as convenient for the user, but harder to compromise.