by alexkavon 3429 days ago
You wouldn't need to roll your own app. Just use the Microsoft Authenticator app or the Google Authenticator app; they're the same thing and don't require a direct connection to the user account. Lots of articles on the net on how to accomplish this kind of thing for $0 in extra services.
2 comments

They support 2FA through SMS / TOTP / U2F. Yes, if most of their customers use GA / etc., it is free, but that isn't their only option...

If they implemented a provider, they will also charge for TOTP authentications.

Isn't 2FA by SMS bad though? You hear a new case almost every week of someone whose telco was socially engineered to gain access to their phone number linked 2FA/account recovery.
Bad is relative; it is bad compared to other more secure methods. But if you can't guarantee that your users have a smartphone, SMS is still a needed option.