Using SMS 2FA is negligent, considering it’s been four+ years since NIST told the industry not to use it because it’s not safe.

(It’s also the only option offered by many US banks, which is a sad commentary on the level of tech innovation in finance in the USA.)