As a principle, 2-Factor (or multi-factor) authentication is better than just a password, unless one of the factors is inherently weak.  That is the case when it's a code being texted to your phone number.  https://www.forbes.com/sites/laurashin/2016/12/21/hackers-are-hijacking-phone-numbers-and-breaking-into-email-and-bank-accounts-how-to-protect-yourself/#6c3f431a360f

Telcos are notoriously bad for customer service, and make it easy for criminals to "social engineer" your cell phone number to their phone, and then proceed to reset your passwords using the SMS code they receive.  That goes for email, banks, credit cards, etc.  Each factor of authentication is a new vector for attack, so services should never rely on just one to supersede another.