The problem with SMS is that it is allegedly trivial to convince a telco to port someone else's number to the new burner SIM you just bought. That seems slightly worse than shared secrets to me.
SIM swap attack is really baffling to me. Over here, even if someone gained access to your account and initiated porting, you still need to go the store and present your ID to complete it.
Social engineering is really powerful, since the people you are engineering usually have elevated access privileges. In the ID scenario, presumably there are fake ID providers one could use, although with facial recognition in common use, maybe that scenario becomes harder.
