by nde 1315 days ago
I feel like my biggest peeve with this whole situation revolves around a lack of choice on the user’s end, with (presumably) the goal of hardening security. And, then not doing the research to ensure the choices made are actually the most secure.

The more cynical reason might revolve around getting access to your phone number, but we’ll give the benefit of the doubt and say that’s not the case.

In my opinion, websites offering 2FA should give users a choice to pick between:

- Security Key (with Backup Codes you can store offline or SMS)
- Authenticator App (with Backup Codes you can store offline or SMS)
- SMS
- No 2FA

If I want to choose a less secure method for 2FA or backup codes, that should be my choice but clearly communicated.