SMS is hackable, and messages get delayed. It's really not worth the effort and extra cost, being only marginally better, with lots of added friction. 2FA code via email is almost as good but also not really worth the effort. Google Authenticator implementation allows password apps like 1Password, Bitwarden, LastPass, etc. to also work. This is a MUST, especially for admin login. Access to all client servers and domains via a login without 2FA is irresponsible in today's environment. Allow for generation of 10 or so backup codes at a time, many users can get by with only backup codes, and these are way more secure than SMS or email.