SMS is good enough. Sure it’s not as authenticator or some other MFA method, but it’s good enough. Chances of my random account hiding something worth subverting cell operator to get the SMS and my password, are slim to none. At that point don’t upload anything worth that much.