Question: Why is 2FA based on one-time codes better than SMS?
Eh, this is a whole thing.
Technically speaking it's more secure to tie generation of a one-time code to an authenticator app, because it effectively turns your phone into the physical key used to access your account.
The only way it can be compromised is if someone steals the phone from you, or if the authenticator app itself is compromised on the developer side.
Tying it to an email address introduces additional attack vectors - if your email account gets compromised (i.e. through a device you have logged into it, or the email provider itself being hacked), the attacker can access your PSN in the same way you would.
SMS is a bit more of a grey area. The same logic as email applies, since I believe there are setups out there that allow an SMS account to be shared between multiple devices, but most folks have a traditional one-SIM-one-device deal that puts it on the same footing as an authenticator app - i.e. a prospective attacker would have to physically steal the phone in order to gain access to it.
That's the unbiased take. Personally, I think the rise of authenticator apps is not an entirely altruistic measure given that we live in the age where every company under the sun wants a place in your phone's app tray and a piece of your mindshare.
None of the ones I've encountered so far have been badly behaved (i.e. none of them push ad notifications or whatever other crap usually comes with half-assed corpo shovelware), but I favour SMS where possible because I resent being forced to install third-party software in order to use a service that otherwise has nothing to do with my phone.