That is to be expected at this time though, and for a service like Github letting the user choose their level of authentication strength is fine — you are mostly responsible for what data you store there yourself. In the mean time it will help the adoption of this standard to at least have the option available.

If a service is actually guarding private data by definition (like a bank or an insurance agency) than phasing out SMS in favour of FIDO U2F or another true hardware factor is a much more likely scenario.