Isn't that BETTER compared to anybody getting a phone number and using it to hack into your 2FA account?
>-Offers no means of backup*
That has nothing to do with SMS for 2FA. There are websites using SMS for 2FA that DO offer a backup way to authenticate in case you have an issue with your phone.
- Forgot to disable 2fa on that one account you log into once a year, before changing your phone number? have fun with that
Huh? Are we talking about the same thing?
> There are websites using SMS for 2FA that DO offer a backup way to authenticate in case you have an issue with your phone.
A backup is not the same thing as a master key (even if we call those "backup codes"). I'll grant you that those are usually enough.
What I'm saying is that a potential attacker that might divert PINs to their mobile phone, would at least have to be registered to get that phone account in the first place.