[maccard]

It’s negligent to not use 2FA for any cloud platform where credentials can be used to spin up resources.

[ipaddr]

I should have been more clear 2FA has been in place for years the phone requirement is new.

[jlokier]

They use TOTP for 2FA (industry standard), which doesn't require a phone.

Their help page lists a bunch of 2FA app options, all of which run on phones, so it's understandable to think a phone is required. (I'm disappointed they don't list the app I use, which is Aegis Authenticator.)

But actually you can use any TOTP app, and they don't all need a phone. For example, macOS (desktop) has built-in TOTP 2FA as part of the password manager.