
As others have pointed out SMS has issues. You need a phone contract.

Forget to pay your bill this month? No logging in for you.

Switch providers and forget to change all your services over? Oh well, all your data is lost, make new accounts.

Don't have roaming on and go overseas? Guess you aren't accessing your travel plans. Even if it's on, many ISPs charge 0.50+ per SMS. Why should I have to pay just to log into unrelated services?

Go overseas and get a local sim? Welcome to swapping sims anytime you want to login (have had to do this for certain things that currently require SMS verification)



Also, don't like linking all sorts of on-line accounts to a single uniquely identifiable number? Tough luck!

It is disheartening that in an era of mass surveillance by governments and advertisement networks alike, the notion of separate identities for separate purposes is seen as obsolete and suspicious.

At least with hard-token 2FA technologies such as FIDO U2F, services you access with that key cannot correlate it with other services accessed with it (by design).


You're missing the biggest vulnerability. SMS means you're tied to a phone company, which has a tech support line staffed with people whose main job is keeping their call times down. It's shockingly easy to socially engineer them into sending a copy of your SIM to some random address and completely defeat the 2FA on your system.

And once they have your texts, getting a CSR to reset the password on all of your important accounts is super easy. By far the biggest security vulnerability on major services is the customer support representatives.



