I just learned something wild…

Using two-factor authentication with a text message is pure baloney. It’s not “security” at all…it’s fraud waiting to happen.

Here’s why: your phone provider can literally swap your number in minutes. That means a hacker can get your code just as easily as resetting a password on your email.

All it takes is a SIM swap, and suddenly your “protection” is gone.

That’s not security, that’s a clown show.

Fiat world. More like clown world. 🤡


Discussion

Glad you learned about SIM swapping... But honestly surprised this is news to you only now. Yes, use an app like Ente or Aegis. Make sure it's open-source and you can export your codes. (Google Authenticator denied exporting for a long time, not sure if they even allow it now though I think I heard they might, still wouldn't use Google for this)

Google Authenticator allows exports. Used it a few months ago when switching to Proton

Yes... 2FA with a centralized service requires trust in the service provider... That doesn't make 2FA garbage. It's the same with literally any 2FA system. Email/text/whatever. It's another layer of friction for any would-be attacker.

Ente Auth or Aegis (Android only) are both great 2FA applications

Who even told you to do that to begin with? SMS was known not to be secure 10 years ago. 😂

Yes. And yet my bank is adamant in using it and not offering real 2FA.

But to play devil's advocate, this is why it is a second factor.

Your password should be strong. If, by some miracle, that fails, then your SMS might be your second line of defense.

If just your SMS is compromised, your password is your second line of defense.

The problem is that for most people, passwords are not a very good line of defense. For those same people, 2FA doesn't help, it's just annoying. SMS gives just enough security theatre and resistance that it can:

1. Convince people to accept it

2. Stop enough attacks to reduce business costs and reduce the cost of insurance.

Oh, and all this security isn't for you and me, it is PURELY a business decision. All about margins, fees, profits and costs. We know what real user-focused security is, it means stepping back and saying "I don't own this".

If your SMS is compromised, they can usually reset your password trivially.

Most carriers have free features that will help prevent SIM swap attacks, or at least increase the friction. They’re opt-in but really should be enabled by default. You can also use a carrier like Cloaked Wireless, where their support humans don’t have the technological ability to do a SIM swap—only you can do that.