Maybe they want to have a backup? People setup 2FA using authenticator, loose phone, no proper backups, backup codes lost.
Using access to specific phonenumber as second factor is not too good security wise, but there’s no perfect options. I’d say managing 2FA properly is hard even for IT pros, let alone regular people. Like how many store the backup codes offsite, regularly test backup Ubikeys etc.
Using access to specific phonenumber as second factor is not too good security wise, but there’s no perfect options. I’d say managing 2FA properly is hard even for IT pros, let alone regular people. Like how many store the backup codes offsite, regularly test backup Ubikeys etc.