General advice I hear is "SMS and call-based MFA [are] the least secure of the MFA methods available today" [cite]. It is good to see that the article's subject is attempting to address SMS weaknesses.
My personal favorite MFA defense at the moment is the "number matching" mechanism. That said, even the worst MFA is substantially better than NO MFA, so I will gladly leverage whatever the IdP offers.
Plus, we should be striving to minimize user disruption with technologies such as cert-auth, SSO, and face-id, reserving traditional MFA for high-risk activities such as device registration and password resets.