2FA has been in place for years through email but this new requirement forces a phone.
replyGood. E-mail based 2FA is bad, and they appear to support TOTP too as an option, as they should. Wish they supported U2F though.
replyWhy is email based 2fa bad but phone good? There are classes of issues you get through phone 2fa compared to email
replyTypically, you can also reset password via email, so it's really only one factor. Compromised email = compromised server.
reply