So after all this discussion, the US NIST (National Institute of Standards and Technology) dropped this today (or yesterday, I was only sent the article today).
"NIST declares the age of SMS-based 2-factor authentication over"
https://techcrunch.com/2016/07/25/ni...tication-over/