[dheera]

Get a Twilio number and use it for pretty much everything.

Twilio is awesome, I even have my Twilio workflow configured to receive "2FA" calls and hit the # key without my intervention, and I have it set up mess with unknown callers by putting them on hold indefinitely with music.

[wyre]

Wouldn’t using Twilio effect the security of 2FA?

[dheera]

Yes, but I don't do phone-based 2FA; I only use U2F or TOTP.

When I have a massive, immobile desktop in front of me it makes no sense that the desktop isn't the 2FA device, and that I'm asked to go search for an easy-to-steal tiny 5" device.

Also, I don't believe in phone numbers being 1:1 correlated with a device; for convenience I should be able to take a call from any device that I happen to have with me. So phone numbers should never be used for 2FA IMO.

[wyre]

Why use 2FA at all then? It doesn’t seem like you’re gaining any security using it.

[dheera]

They insist on it, not me.

I'm all for 2FA if it uses U2F but if it's going to be phone-number based I'd rather pass. That isn't an option though, so I automate the phone response.