>Maybe SMS isn't really appropriate for a "second factor".
It's not and more than that it's insecure and reduce privacy.
As far as I know second factor auth was put in place because of reckless users who puts the same password everywhere and thus their account got usurped. The only viable solution to this is people who will use a password manager. As for the method of "second factor" a second password or email validation is good enough.