[floatingatoll]

How does this problem relate to the post topic at hand? I can’t find the connection between “Duo doesn’t support TOTP and security keys” and “Duo phone method bypass for $4/mo”.

(Incidentally, Duo does support OATH-TOTP and Yubikeys in native mode.)

[bscphil]

It's related because it's very easy to empathize with people wanting to bypass Duo, when Duo is a crappy proprietary app built on top of an open standard that people are forced to use.

Your "incidentally" comment is actually important: organizations have to enable these additional auth methods; mine does not support TOTP. If it was the case that people weren't forced to either answer the phone or use a crappy app to log in (and own a smartphone), there would be much less impetus to bypass it. The point is not bypassing 2FA. The point is bypassing Duo.