As a software engineer with interests in security, I am quite baffled with your current focus to showcase 2FA (Factor Authentication) SMS as the preferred solution.
I see the following issue:
There has been a lot of press in the last few years that described the risk of targeted attack with SMS 2FA (this article from twillio explains it well).
So in terms of security, I'd say:
no 2FA < SMS 2FA < TOTP 2FA < USB security key 2FA (the last one isn't implemented in GW2)
One would argue that promoting a less secure method of 2FA (and one that costs you money for each SMS sent) isn't great, which is why I'd suggest the following:
Note: My understanding is that you feel SMS 2FA is safe enough, considering that what is at stake can probably be resolved through support, and doesn't bring any financial or privacy hit.
SMS is also probably easier to setup for your customers vs having them use a 2FA app on their phone.
For those who do get the most secure choice (and are fine with it), being encouraged to downgrade still feels off.