Security always comes down to a compromise of usability. The more usable the less secure. The more secure the less usable. SMS is a good compromise because mostly everyone has a phone. Same reason some do the phone call authentication because then even a landline can be used.