[dynamohk]

Password reset functions for most providers often make 2FA hardware/software tokens useless. They fall back to email/sms to reset forgotten password/tokens. I guess it’s usability for majority over security that would lock out users.

[Avamander]

If TOTP or Webauth is offered at all, usually it's some garbage like SMS. Twitch, eBay and Amazon all three are really disgustingly pushy with it with some bullshit excuses.