SMS is still an option if you have a working 2FA Authenticator on GitHub. And even if I went through the trouble to disable it, I disagree. There are conceivable ways people could get to my email to initiate a password reset without getting to my phone, such as snatching my laptop from me while I'm working at a coffee shop.
