Then don't use insecure services. I think in the EU sms only password reset indirectly violates data privacy laws (not securing private data with industry standards).
You should stop using passwords altogether then and move to passkeys. Passwords are on a hot deprecation path.
Hell soon with biometrics and public key crypto you’ll be able to attest that your physically sitting in front of a computer and have an ID issued by a state that matches.
