> What is the point of setting up a hardware or Google Authenticator-type 2FA solution when most companies will fallback to SMS?

Most people probably use it because it’s more convenient and reliable than SMS, not because it’s more secure.