There are a huge range of mature options available to implement things like authentication (e.g. #2fa), so the mandatory use of #SMS for this purpose is hard to justify, given the potential consequences of a mistake.