For me, the bigger risk of SMS-only 2FA is being locked out of my own account.
I sometimes travel to Iran to visit relatives. For obvious reasons, there are no roaming deals between US carriers and Iranian carriers, so I am unable to receive SMS messages while there. I’ve been bitten several times by websites that see I’m logging in from a scary IP address, and force me to authenticate via 2FA SMS to proceed. Whoops, guess I can’t check my bank account for a month now!
I sometimes travel to Iran to visit relatives. For obvious reasons, there are no roaming deals between US carriers and Iranian carriers, so I am unable to receive SMS messages while there. I’ve been bitten several times by websites that see I’m logging in from a scary IP address, and force me to authenticate via 2FA SMS to proceed. Whoops, guess I can’t check my bank account for a month now!