the simplest best answer is cold storage.
authorization is irrelevant if a hacker got into your machine.
=====
If your 'bolded' assertion is true then crypto will remain a side show
and never attain mass adoption ..
For "SMS one time pass" to be defeated the 'hacker' would have
had to either break into my home and/or steal my cell phone and
my computer .. I'll accept that 'risk' for the minor hassle of
having to take a phone call and enter a one time password prior
to withdrawing my coins .. Better that than discovering that
"Ooops someone hacked my wallet and my coins are gone"
Triff ..
Even if, say, Bitcoin QT started requiring SMS verification before it submitted a transaction, it wouldn't stop an attacker who had your key from creating a transaction without SMS verification. I don't see how the entire decentralized Bitcoin network would implement SMS verification. So even if, hypothetically, transactions were to require some value that could only be generated by specific cell phones (And I have no clue how that'd work aside from maybe storing a second private key on the phone) it'd basically just be a 2 of 2 transaction with the second key being this SMS key.