
I'm fascinated by the way Signal solves this problem. You can register a phone number, verify it over SMS, set up a registration lock PIN, and then have quite secure communications. The registration lock can be bypassed if someone tries to register the number (like when the phone number is assigned to someone else), waits for a while, and the previous owner doesn't re-register.

Services that do SMS delivery of OTP may want to consider delivery over Signal or WhatsApp when available as they add this additional security.

I've also thought about building an OAuth provider (like sign-in with Google) that does Signal-like phone number verification and lock PINs. This reduced some spam concerns, as it's harder to create burner phone numbers than email addresses. A centralized OAuth service would make it easier than having every web app need their own SMS phone verification integration.



