jmw, Look. I get it. More #security is better.
But at what cost?
My gripe today is every website I use suddenly requiring 2FA when there would be little/if any info that could be gained from them.
Does my boardgame collection management site REALLY need to email me a code "JUST TO MAKE SURE IT'S ME"? I am pretty sure they cannot transfer a game from my collection to someone else's with the click of a button.
This becomes even more irksome when it's some random website that I signed up for with a user/pass and NOW it wants to send me emails to confirm it's me. Maybe I'm the only one on the planet however I'm not staring at my inbox 24/7 just waiting for a code. Let me opt out of this junk.
I am NOT against security. #MFA all the things for financial, healthcare, identity and other high risk targets (or their tangential sites) but at some point it's just a pain in the ass going back and forth between sites, #SMS #2FA (which is bad -anyway-), Email, the authenticator app, etc.
That's not even address the fact that these 2FA solutions often seem like security theater, which means it's making my chore longer for zero actual benefit.