Other people have answered better, so I’m only going to take on the elevator speech of personal security concepts:

1. There is no such thing as perfect security.
2. There is such a thing as an appropriate depth of defense.
3. For general consumer protection, dedicated authentication > sms, BUT,
4. SMS has less overhead and more portability.

The days of being reasonably secure without active effort at self-educating are ending (truly, already gone)… kind of like an economically transmitted disease, Privacanemia©.