> The very things that make SMS a uniquely good second factor make it an awful only factor. Use of SMS for account recovery should in general (or at least for important accounts) have a delay (order of days) that allows the real user to intervene.

No, SMS shouldn't be a single factor, period. It doesn't prove much, and is insecure, as the current post shows.