Professionalism and quality of bureaucracy vary by country.
In mine, my provider invalidated my SIM twice during their technology upgrades (2G->3G, 3G->4G) without any notice, warning, or hint. Was it an upgrade? Was I phished? It's all left to the user to infer what happened. And if it turns out to be a crime, our rules expect us to interact with an even more apathetic and corrupt police department.
What may look like hyperbole in one country is daily ground reality in another. I'd much rather prefer something under my own control, like TOTP, over anything SIM-based.
Fair enough, but, you then have the problem of not being able to cater to people with feature phones. I think a combined email or SMS based options solve most problem cases.
I don't understand the hate for SMS, like "how are these people in tech?" -- most banks I know of work on SMS based OTP. SMS also gives you a sorr of a real identity to work with and physical location in most common cases (not the app provider, but investigative authorities if they get involved).
In my country, you can buy a pre-paid SIM in a store without providing any kind of ID, making it impossible to retrieve the phone number once you lose it.
I'd be very surprised to learn that such things are not possible in the US.
> I think at one point if people make dumb choices, they're screwed, can't do anything about it
I don't think that a single "dumb" choice should result in people being screwed. Especially if the "dumb" choice is not really a dumb choice, except for "this one particular scenario in which it's dumb", like pre-paid SIMs. Quite a convenient way to blame the party damaged by big corp's bad decisions.
What I meant to say was, there needs to be a cut-off point for company responsibility. Agree, there should be other alternatives to SMS incase a user get locked out.
You'd go to your network provider, show ID and in hours you have your SIM back. What is this hyperbole..?