[jacquesm]

Interesting. I try to keep the number of usernames and passwords I have to an absolute minimum because I don't trust any of those to keep that secret, nor do I trust my computer to not spill the secrets somehow through a browser bug or other drive by exploit.

At the same time I totally trust my sim, it's never been more than 10 meters away from me in the last decade or two, hasn't failed me even once and it would be very hard to get it to cough up its secrets without my cooperation (so rubber hose cryptography would still work).

Contrary to www security the phone system seems - from my perspective - at least to have done a half decent job at integrating 2FA when your average website - 20 years later - is still making up its mind about whether or not that might be a useful thing to add.