Ditch any two-factor aithentication over SMS. SMS are not encrypted - plain text going through air.

Always use 2FA open source apps. That means ditch Google authenthicator (yes, you can use literary any different app, not just Google a.)