
I don't think this is good advice. Your intuition about the vulnerabilities is mostly correct, but the absolutism here seems likely to lead to worse decisions, not better.

> SMS "2FA" is not actual 2FA

That's not correct. I mean, of course it is. If you have SMS authentication as one factor and a password as the other, you're safe from compromise even if the carrier hands your phone number over to someone else. That's the whole idea behind 2FA, and it works here. A "SIM swap attack" is, contra the article and your points, not sufficient to compromise a working 2FA environment.

You need something else, like a crypto wallet system that uses SMS as a single factor, which seems plausibly to have been the case here.

> Social engineering mobile phone operator customer service departments to execute a SIM swap attack is trivially easy

True, but that's a hole in that one system that can be patched, and it's not something specific to the PSTN network at all (literally everything can be human engineered, including the customer service departments of authentication providers like Google/MS/Apple!). For example, require physical mail as a second (third) factor as an authentication mechanism and the whole problem goes away. This is already implemented for e.g. address changes, and it works fine.

Don't take a specific hole in one system as evidence that the system needs to be replaced or redesigned. That's generally a recipe for creating new security bugs, not fixing them.
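The argument above (SMS plus password is genuine two-factor; a SIM swap alone yields one factor, and the real weakness is a system that accepts SMS as its only factor) can be made concrete with a small model. The following is an added illustration, not code from the commenter or from any of the services mentioned; the `Carrier`, `Device` and `Service` classes, the phone number, the username and the password are all constructed for this example.

```python
"""Toy model of the two-factor argument: a password hash is one factor, an
SMS code delivered to the account's phone number is the other. A SIM swap is
modelled as the carrier re-pointing the number at a different device."""
import hashlib
import hmac
import os
import secrets


class Device:
    """A handset that receives SMS messages (constructed)."""
    def __init__(self):
        self.inbox = []

    def last_sms(self):
        return self.inbox[-1] if self.inbox else None


class Carrier:
    """Stand-in for a mobile operator: routes a number to whichever device
    the carrier currently believes owns it (constructed)."""
    def __init__(self):
        self.number_to_device = {}

    def assign(self, number, device):
        self.number_to_device[number] = device

    def deliver_sms(self, number, text):
        self.number_to_device[number].inbox.append(text)


class Service:
    """A service with two login policies: real 2FA, and SMS as a single factor."""
    def __init__(self, carrier):
        self.carrier = carrier
        self.accounts = {}   # username -> {"salt", "pw_hash", "phone"}
        self.pending = {}    # username -> outstanding one-time SMS code

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password, phone):
        salt = os.urandom(16)
        self.accounts[username] = {
            "salt": salt, "pw_hash": self._hash(password, salt), "phone": phone,
        }

    def _check_password(self, username, password):
        acct = self.accounts[username]
        return hmac.compare_digest(acct["pw_hash"], self._hash(password, acct["salt"]))

    def send_code(self, username):
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = code
        self.carrier.deliver_sms(self.accounts[username]["phone"], code)

    def _check_code(self, username, code):
        expected = self.pending.pop(username, None)  # single use
        return expected is not None and hmac.compare_digest(expected, code)

    def login_two_factor(self, username, password, code):
        # Both checks always run, so a wrong password still consumes the code.
        pw_ok = self._check_password(username, password)
        code_ok = self._check_code(username, code)
        return pw_ok and code_ok

    def login_sms_only(self, username, code):
        # The weak design the comment describes: SMS as the only factor.
        return self._check_code(username, code)


def simulate():
    """Returns which login attempts succeed before and after a SIM swap."""
    carrier = Carrier()
    owner_device, other_device = Device(), Device()
    carrier.assign("+15550100", owner_device)
    svc = Service(carrier)
    svc.register("alice", "correct horse battery staple", "+15550100")

    # Legitimate owner: knows the password and holds the phone.
    svc.send_code("alice")
    owner_2fa = svc.login_two_factor(
        "alice", "correct horse battery staple", owner_device.last_sms())

    # SIM swap: the carrier now routes the number to another device, but the
    # password is unknown to whoever holds that device.
    carrier.assign("+15550100", other_device)
    svc.send_code("alice")
    simswap_2fa = svc.login_two_factor("alice", "not the password", other_device.last_sms())
    svc.send_code("alice")
    simswap_sms_only = svc.login_sms_only("alice", other_device.last_sms())

    return {"owner_2fa": owner_2fa,
            "simswap_2fa": simswap_2fa,
            "simswap_sms_only": simswap_sms_only}


if __name__ == "__main__":
    print(simulate())
```

Under the two-factor policy the re-routed number is not enough, because the second factor is still missing; the SMS-only policy is the one a SIM swap defeats outright, which is the distinction the comment draws between the authentication scheme and the single system that misuses it.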


