The recommendation doesn't make sense. Yes, your phone may not always be in your possession.
I'd recommend re-reading the actual recommendation: "The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number". It's not the user having the phone on them, it's the phone having the number associated with it. They're essentially saying that it's too easy to hijack the phone's number (or simply get it when the user changes it) and receive the SMS instead of the legitimate user.
I didn't think it would be possible, but current day slashdot is in slightly worse condition than at the end of the DICE era.
I have to ask... what? They've removed a lot of the crap DICE was attempting to pull, editing quality has improved somewhat, the comments section now supports partial Unicode (— éèêç etc.), I see fewer completely wrong submissions, and so on. Sure, there could be even more improvements, but to say that it's worsened is blatantly untrue.
"Love may fail, but courtesy will previal." -- A Kurt Vonnegut fan