Apple will use SMS as a fallback for two factor auth, if an authorized device is not available. Given that SMS security is a dumpster fire, this seems unwise, and I'd like to disable the feature. However, I'd still like to have a fallback if an authorized Apple device isn't available for 2FA. You'd think that's what a recovery code would be for, but I can't seem to find a path to access my Apple ID by using my recovery code instead of an authorized device.
How to disable SMS for two factor authentication
apple-idSecurity
Best Answer
Unfortunately you cannot disable the feature.
Your best bet is keeping the number used completely private. I.e. do not use your main phone number for this - use a number specifically reserved for 2FA codes so that this phone number is not shared with others.
Also I would like to point out that the loophole described in the link you have included has actually been closed shortly after that article was written through a collaboration between T-Mobile, Verizon and AT&T.
However it is still true that if you have some other means of providing a second factor than SMS, then you should definitely go for that instead. SMS is the least desirable of all options.