I would much prefer something with end to end crypto like Signal. Of course, that creates problems with key rotation, but perhaps that could trigger additional validation of some sort.
There already exists a much better solution for 2FA - the OATH protocol's TOTP and HOTP. It uses a local token to hash a counter or the current time with no need for anyone else to have your current token or communicate it directly in any means. These are already popularly implemented in Google Authenticator and Authy.
