Instead of requiring an SMS for 2FA, it would be nice to allow a Passkey to be created for a password-less login. Creating the passkey could require an SMS for 2FA. That would be secure.