I would argue that a 1FA unguessable password used once is just as good. Certainly better than the case where the provider offers account resets using just SMS thus having effectively 1FA SMS.
That really depends on what else the company uses your number for now that you have given it to them for 2FA. Often enough it ends up being usable as a one factor for account "recovery".
The linked article says that at the very end, in the very last sentence, just so they can evade this kind of discussion. Clearly the takeaway any regular user (also the typical too-pedantic-for-their-own-good HN commenter) is going to take away is "Don't use SMS 2FA", and they will therefore make the wrong decision.
Use 2FA. Use 2FA. Use 2FA. Worry about the design decisions in your spare time.
Exactly this. The concerns about SIM swapping are real but simply do not apply in 99.999999% of cases. It's an extremely targeted attack. Adoption rates of SMS are higher than other more secure methods like authenticator apps, and given the choice of no 2FA and 2FA SMS, you obviously should pick the latter and understand it isn't bulletproof. I find it difficult to come up with any argument otherwise.
I think there is this false idea that if SMS was not an option, people would gravitate to authenticators and other such solutions. I've provided technical support trying to get supposedly technical people to use these tools, and trust me, there are huge hurdles of adoption here. The number of people that are unable to enter 6 digits into a prompt within 15 seconds is astounding.
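The 6-digit codes mentioned above are TOTP (RFC 6238): HMAC over a counter derived from the current time, normally in 30-second steps, with the server usually accepting the neighbouring step on either side so a slow typist still gets in. The following is an added example, not code from the thread or from any product discussed in it; the secret is the RFC 4226/6238 test-vector key and the timestamps are constructed for illustration. It also adds a replay guard, which a verifier needs because a tolerant window otherwise lets a freshly used code be resubmitted.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 shared test-vector secret (ASCII "12345678901234567890").
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP per RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


def matching_counter(secret: bytes, submitted: str, unix_time: int,
                     step: int = 30, window: int = 1, digits: int = 6):
    """Return the time-step counter whose code matches `submitted`, checking
    the current step and `window` steps on either side (clock drift plus the
    user being slow). Returns None if nothing matches. Comparison is
    constant-time so a code cannot be guessed digit by digit via timing."""
    submitted = submitted.strip().replace(" ", "").encode("ascii", "replace")
    now = unix_time // step
    for delta in range(-window, window + 1):
        counter = now + delta
        if hmac.compare_digest(hotp(secret, counter, digits).encode(), submitted):
            return counter
    return None


class TotpVerifier:
    """Stateful verifier: a tolerant window must be paired with a replay
    guard, otherwise a code captured seconds ago is still accepted."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret = secret
        self.step = step
        self.window = window
        self.last_counter = -1  # highest counter already consumed

    def verify(self, submitted: str, unix_time: int) -> bool:
        counter = matching_counter(self.secret, submitted, unix_time,
                                   self.step, self.window)
        if counter is None or counter <= self.last_counter:
            return False  # wrong code, or a replay of an accepted one
        self.last_counter = counter
        return True


if __name__ == "__main__":
    # Constructed scenario: the user reads the code at t=59 but submits it
    # at t=75 (next 30-second step); a window of 1 still accepts it.
    v = TotpVerifier(TEST_SECRET)
    code = totp(TEST_SECRET, 59)
    print("code at t=59:", code)
    print("accepted at t=75:", v.verify(code, 75))
    print("replayed at t=76:", v.verify(code, 76))
```

With `window=0` the same late submission fails, which is exactly the "within 15 seconds" frustration described above; with `window=1` the acceptance window is roughly 60 to 90 seconds, and the `last_counter` check is what keeps that tolerance from turning into a replay hole.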
Passwordless solutions are cool, and I have implemented them, but are extremely prone to footguns.
I think conversion rate and support cost associated with 2FA-OTP are worse enough for SMS to still be worth it, especially as a phone number also gives you a good marketing ability and a reasonably unique identifier for a user.
That is what everyone dances around in these discussions. It doesn't matter if it is a good second factor because it is an excellent user tracking identifier and that is what they were really after. Twitter and Facebook both lied about only using these numbers for security and then almost immediately put them to use for advertising purposes. We only know about it because they were big enough to sue, I'm sure every crappy site that gets the number sells it. As a bonus, it also allows them to dump a lot of the infrastructure and support problems onto someone other than themselves.
The biggest problem with SMS-2FA in my opinion is a lot of places are set up so it isn't even a second factor. I can often reset my password just through email, so it just seems like throwing a threadbare blanket marked security over the top of a user tracking scam.