These places are large complex organizations. Event at small places it's difficult to find the right person the feedback would go to. That also assumes that the person who takes in feedback can actually change anything.
My guess is that they want to implement the feature but the security burden is so high that it's not worth it. When everyone's ${stereotypical_computer_illiterate_user_of_choice} starts using MFA and losing their 2FA solutions, it may be worth tackling, but until then, I imagine the number of impacted users is relatively low.
My guess is that they want to implement the feature but the security burden is so high that it's not worth it. When everyone's ${stereotypical_computer_illiterate_user_of_choice} starts using MFA and losing their 2FA solutions, it may be worth tackling, but until then, I imagine the number of impacted users is relatively low.