Why would I want to remember a different passcode every month?
If, after two failed login attempts, I must respond to an SMS before I log in, it's really easy to DoS.
Users will be confused by this new scheme. Stick with what has already been vetted in the industry.
This way you wouldn't need to remember a different passcode each month, and the login attempt issue wouldn't exist because passcodes are generated when you need to log in.