The basic idea behind multi-factor authentication is that even if thieves manage to phish or steal your password, they still cannot log in to your account unless they also hack or possess that second factor. However, it the method the second factor is delivered to end-users is also important.
For example, using SMS and automated phone calls to receive a one-time token is still considered an MFA and is much more user-friendly than relying on a software token app like Google Authenticator or Token2 Mobile OTP. However, being easier these methods are also less secure. That’s because thieves can intercept that one-time code by tricking your mobile provider into either swapping your mobile device’s SIM card or “porting” your mobile number to a different device. However, if the only 2FA options offered by a site you frequent are SMS and/or phone calls, it is still better than simply relying on a password.