> > Unfortunately, it doesn’t work like that. When a service enables SMS-2FA, an attacker can simply move to a different service.

Yeah I really don't understand their argument here, to the point that I feel like I must be missing something.