by rsclient 1225 days ago
You'll need to be more explicit about what you think "Phone OTP" is and what you think "refuse" means.

Phone as in, "the OTP requires a cell phone with yet another buggy authentication app"? Or phone as in "can support SMS"? Or phone as in "phone must support touch-tone"? Phone as in "the user must be able to hear and speak"?

"Refuse" as in, "I'm in the unpopulated area of Washington state and I have no phone signal"? Or refuse as in "I'm not using my personal device for work"? Or refuse as in "I don't use smart phones because I want to live in the moment"?


By Phone OTP I mean the following Registration/Authentication flow: To register, the user must enter a phone number; the user is then sent a 6-digit code via SMS to the given phone number; the user then must enter the code to register. To log in, it's the same flow.

By "Refuse" I mean: the user has full ability to go through the flow but chooses not to for whatever reason (e.g. doesn't want to share their phone number).
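The server side of the SMS-code flow described above, as an added example that is not part of the thread: the code is generated from a CSPRNG, only its hash (bound to the phone number) is stored, and verification enforces expiry, a guess limit and single use. The in-memory store and the SMS delivery being out of scope are assumptions; none of this addresses the SIM-swap and interception weaknesses of SMS itself.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # a code is valid for 5 minutes
MAX_ATTEMPTS = 5        # wrong guesses allowed before the code is discarded

# phone -> [code_hash, expires_at, attempts]; in-memory store (assumed, for the example)
_pending = {}


def _hash_code(phone, code):
    # Bind the hash to the phone number so a code issued for one number cannot be
    # submitted for another; the plaintext code is never stored.
    return hashlib.sha256(f"{phone}:{code}".encode()).digest()


def issue_code(phone, now=None):
    """Generate a fresh 6-digit code and store its hash; the return value goes to the SMS sender."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, zero-padded to 6 digits
    _pending[phone] = [_hash_code(phone, code), now + OTP_TTL_SECONDS, 0]
    return code


def verify_code(phone, submitted, now=None):
    """Return True once for the correct, unexpired code; discard it after expiry or too many guesses."""
    now = time.time() if now is None else now
    entry = _pending.get(phone)
    if entry is None:
        return False
    code_hash, expires_at, attempts = entry
    if now > expires_at or attempts >= MAX_ATTEMPTS:
        _pending.pop(phone, None)              # expired or locked: require a new code
        return False
    entry[2] += 1                              # count every guess, right or wrong
    if hmac.compare_digest(code_hash, _hash_code(phone, submitted)):
        _pending.pop(phone, None)              # single use
        return True
    return False
```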

You are aware that this isn't a secure method for MFA, right? Issues of people's willingness to provide phone numbers aside, I would encourage you to look at other options if security is your goal.
Yes; thank you for bringing that up. SIM swapping would also be a concern.