How can I convince them this is a bad idea? First off, NIST basically declared SMS 2FA insecure. How does a bank not know this? SIM swaps, social engineering the phone company, etc.
Second, if you travel at all, suddenly you can easily have internet access (hotel, cafe, airport) but not have SMS access.
Has anyone had success convincing their bank not to require SMS 2FA?
Requiring 2FA I don't mind. I'd prefer TOTP. I'd put up with email 2FA (Steam does this). But SMS absolutely not!
First Republic Bank is a Bay Area bank so I partly brought this up here hoping there might be enough actual customers here that agree and would be willing to contact the bank and voice your objections.
One potential path might be to find a report from the FBI that discusses the financial risks to the banks. Contact the investors of that bank and the government entities that are required to insure the bank and the parent company of the bank. Start the discussion with them about amending and enhancing existing regulatory requirements. Ensure they do not see this as a cost item but only as a marketing benefit to the bank. Depending on how deep you want to go down this rabbit hole, you could start a fundraising effort to get lobbyists to also speak to those investors and governmental insuring entities. Research if additional mitigating controls might lower their insurance costs. Maybe also encourage the banks or parent companies to partner with a set of MFA vendors so they can distribute bank-branded tokens that only work with their banks. Sub-optimal, but it might encourage them as they would see it as bank lock-in. Doesn't really affect end users if all the banks do it. See if you can also get a congress member to talk to the insuring bodies.
If that doesn't work, get famous people to tweet about it and link to your initiative site that describes the risks and benefits. Public pressure sometimes works.
I should add that if you get traction on this, there should be a way for people to opt-out of this and use SMS if they want to. Just require the banks to give them scary worded things that make them double-opt-in to using SMS.
Close your account and let them know that you are leaving because you do not consider their current 2FA mechanism to be secure.
There are banks with hardware 2FA in European branches that still restrict to SMS only in the US.
US banking security is a joke. IMO, move your number to a VoIP provider with hardware 2FA support and transfer-lock it to limit the worst of SIM swap risk.