Steve Gibson on his Security Now episode 571, quoted a government source saying that “SMS is deprecated and will no longer be allowed in future releases…”
Steve also mentioned that on Hover they offer SMS or something like Google Authenticator. He always recommends an Authenticator solution.
Leo LaPorte in another show said that while SMS could be a problem, the attacker would also have to know your password.
In practical terms, if your bank or other company only offers SMS, it’s better than just a regular site with no second factor authentication.