This is a free extension but it utilize PHComm API service to send the SMS messages and there is a charge per message

First create an account here. After you login you can obtain your API key here.

Then visit PHComm component in your site, click button `Options` 

Paste in corresponding field your API key and define your sender id. The Sender ID (or sender name) is the displayed value of who sent the message on your handset. For example, the Sender ID of your friend is their phone number. It can also be a shortcode, such as 12302. Or contain a limited number of characters, e.g. CoffeeShop.

Administrator can activate the Two-Factor Authentication, by going to the User Manager, edit a User and go to the Two-Factor Authentication Tab.

If the plugin is activated for frontend as well, then each of your users will be able to setup his own SMS 2fa by editing his/her profile in front end.

Insert the mobile phone to corresponding field

Press button 'Send OTP' to send the one time password via SMS to the defined phone number.

Write the code you received on the phone in corresponding field. Then click on Save & Close.

Now, your site access is protected by Two-Factor Authentication. Log out from your backend, you’ll see that instead of asking for the username and password only, Joomla! is asking for a secret key. The Secret Key is the six digit password you can get on your phone via SMS message. The same applies for front end if you activated it.