Yep. That's why I won't turn on 2FA unless they let me use Authenticator app, which I use 1password to handle for me, and it has plugins for every browser so I just hit a hotkey and it fills in the 2FA for me. If a site wants to use their own app or SMS, I just don't turn it on. Too annoying. I'm not convinced sending a code via SMS is very secure anyway.