Yes. I'm more critical of SMS-based two-factor authentication because the vulnerability is that once the number is stolen from you, the SMS goes to the fraudster. However, there are other things out there like app-based two-factor authentication. You may have heard of Google Authenticator, which is very commonly used.
The problem is that there was a Princeton study of 140 of the most popular websites. With regard to many of these websites, the first factor of authentication they promote is an SMS-based two-factor authentication. We need to move away from that, especially for these critical industries.
I can tell you that some of these banks within Canada still use SMS-based 2FA, and that's their only form of two-factor authentication. We need to really look at moving away from this if that vulnerability and that distrust of telcos persists.