Handling SMS 2FA on Twitter is an excellent exercise for a product manager interview. If they suggest what Elon did - don't hire them.
First, to get it out of the way, app-based 2FA is superior in many ways. But we also need to recognize that some 2FA is better than nothing.
I would provide two scenarios: first, you're about to get bankrupt, and second, you want to do it the right way.
1️⃣ In the first scenario, an acceptable answer would be to disable SMS 2FA altogether, clearly communicate why it's happening, and provide an easy migration way.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!