In addition / instead of SMS-based 2FA, it would be great to use TOTP 2FA (https://www.twilio.com/docs/glossary/totp). TOTP would be harder to intercept than a SMS code.