
Nobody has actually tried a concerted effort to banish SMS 2FA (that I know of). Here's how I'd do it:

1. Figure out what the alternative is ("X"). It must be one thing that is dead simple, and it must work for 90% of people without annoying the fuck out of them. "Technically superior" is bullshit, it must be superior to an industry, organization, and an individual lazy user.

2. Get a coalition together of corporations who depend highly on SMS 2FA. Get them to all agree to be involved in changing to X. There are big financial and legal implications here; this is not easy. People have probably signed long-term contracts, and those will need to run out or be written off.

3. A big marketing push to tell people that you are spearheading change; SMS 2FA is old and busted, X is the new hotness. You have to convince users to give it a chance, organizations to stake their reputation and security on it.

4. An organization needs to exist whose sole purpose is to make money off the new alternative. Partly this is because orgs want to pay for "premium support", partly it's to offer indemnity to customers, partly to provide a white glove service during transition, and of course, any company that makes money off something gives it legitimacy, which is needed to make people take it seriously.

5. Get official standards bodies, the government, consumer protection agencies, etc. to all make official proclamations that SMS 2FA is a danger to the nation and should be abandoned in favor of X.

6. A long period of transition. Years. A lot of support for people during the transition. Bug-fixing, figuring out edge cases, adding support to every platform on the god damn Earth.

7. All this needs to be paid for. Get the money, get it to the right people at the right time.
