Oh, and yeah, not a fan of SMS 2FA either. OTOH, MS passwordless login is pretty well implemented. I have shifted to it where possible.
My preference is passwords and TOPT or passkey / webauthn 2FA, or even better, webauthn with an identity (e.g. email / account) all on its own (no need for a password or 2FA).