3

I'm looking for a type of algorithm that could be used to encrypt text with a shared secret $S$. What I would like to have is the secret to be broken up in three pieces, where any combination of two pieces can be used to reconstruct shared key $S$ in order to decrypt the text.

Is there any mathematical or cryptographic scheme of approaching this? Physically breaking up shared secret $S$ is one approach but what about others?

Mike Edward Moras
Lawrence Kok

1 Answer

1

The common procedure for what's asked is to draw a random key $S$, use it to encipher the plaintext using a symmetric cipher such as AES-CTR, then split the key into so-called key shares per a threshold scheme, so that $k=2$ shares out of $n=3$ are required to reconstruct the key. A generic $(k,n)$ threshold scheme is Shamir Secret Sharing.

Here is a very simple $(2,3)$ threshold scheme: each bit $x$ of the key is split into three share values $a$, $b$, $c$. Share value $a$ is chosen uniformly at random among $\{0,1,2\}$, then the other two are determined as $b=(a+x)\bmod3$, $c=(b+x)\bmod3$ (where $\bmod3$ designates subtracting $3$ from the result if it is $3$ or more). For decoding, if any two share values among $a$, $b$, $c$ are equal, then the corresponding key bit $x$ was $0$; otherwise it was $1$. Demonstrably, a single share gives no clue about the key. See this question for schemes still workable by hand and giving a slightly more compact encoding.

As pointed out in a comment, this has the drawback that who/whatever draws, uses and/or splits $S$ could be dishonest, keep $S$, and decipher the plaintext.

fgrieu
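
The simple $(2,3)$ scheme from the answer above, written out as an added Python example that is not part of the original post. The function names are assumptions of this example and the sample key is constructed; `single_share_distributions` enumerates every choice of $a$ to show that each share takes the same values whether the bit is $0$ or $1$.

```python
import secrets

def split_bit(x, a=None):
    """Split one key bit x into share values (a, b, c), each in {0, 1, 2}."""
    if a is None:
        a = secrets.randbelow(3)          # uniform in {0, 1, 2}
    b = (a + x) % 3
    c = (b + x) % 3
    return a, b, c

def key_bits(key):
    """Bits of the key, most significant bit of each byte first."""
    return [(byte >> (7 - i)) & 1 for byte in key for i in range(8)]

def split_key(key):
    """Return three shares; each holds one value in {0, 1, 2} per key bit."""
    triples = [split_bit(x) for x in key_bits(key)]
    return tuple([t[i] for t in triples] for i in range(3))

def recover_key(share_p, share_q):
    """Rebuild the key from any two different shares."""
    if len(share_p) != len(share_q) or len(share_p) % 8:
        raise ValueError("shares must have equal length, a multiple of 8")
    # Equal share values mean the key bit was 0, different values mean 1.
    bits = [0 if p == q else 1 for p, q in zip(share_p, share_q)]
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def single_share_distributions():
    """Per bit value, the sorted values each share takes over all choices of a."""
    return {x: [sorted(split_bit(x, a)[i] for a in range(3)) for i in range(3)]
            for x in (0, 1)}

if __name__ == "__main__":
    key = secrets.token_bytes(16)         # constructed sample: random 128-bit key S
    s1, s2, s3 = split_key(key)
    for p, q in ((s1, s2), (s1, s3), (s2, s3)):
        assert recover_key(p, q) == key   # any two of the three shares suffice
    d = single_share_distributions()
    assert d[0] == d[1]                   # one share alone is independent of the bit
    print("all pairs recover the key")
```

Each share costs one value in $\{0,1,2\}$ per key bit, so a 128-bit key yields three shares of 128 such values.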