Currently, for an account secured with Two-factor authentication (2FA), there is no way to prevent someone from requesting an access code via the verified phone number linked to the account. Even if an authenticator has been added to the account, and even if the authenticator is set to the primary 2FA method, someone can always request an access code via the verified phone number.
Given the increase in SIM swapping/hacking attacks, and given the sensitive nature of information included in TurboTax, users should have the option of enabling 2FA with only an authenticator to prevent unauthorized access via a SIM swap/hack.