[whatl3y]

> I suspect that support cost also played into the decision.

I respect this if it’s the case, but just say it, don’t hide behind a “best practice” security blanket when your true motive includes other factors.

> If there is no way to recover, it creates a perverse incentive to not use 2FA in the first place.

Agree. The user has to now perform a cost benefit analysis in her head to determine if she’ll use MFA with the most punitive risk being she loses access to her account forever.