[Rafert]

How is requiring a SMS token in addition to a password less secure than just requiring the password?

[ahelwer]

Because SMS is used in password-recovery workflows, meaning it isn't a second factor at all - it's a single, easily-breakable factor.

[jeromegv]

Except your bank already has your phone number. If phone was already part of the recovery process, it didn’t make it any less safe by enabling 2FA SMS

[kevin_nisbet]

This only happens if SMS get's used in the password-recovery workflow. I don't think there is evidence that TD is using SMS to replace password reset.

So I really don't see how this makes security worse.