Yeah, that's part of the problem, there are A LOT of cargo-cult-implemented terrible 2FA systems out there that have really poisoned the well on the concept. As evidenced by how many people panic whenever someone asks us if we'll ever let people enable 2FA on their account in the future!
(I mean, if nothing else, y'all can count on the fact that we don't want your phone number any more than you want us having your phone number; our general philosophy is that there has to be a REALLY GOOD reason for us to ask you for any personal data. And with us you know that's 'really good' from the standpoint of "will it let you do something that people really want to do on the site", not the standpoint of "how can we convince them to give us more data we can sell", because you can ALWAYS count on us being too stubborn (and too lazy) to sell user data.)
no subject
(I mean, if nothing else, y'all can count on the fact that we don't want your phone number any more than you want us having your phone number; our general philosophy is that there has to be a REALLY GOOD reason for us to ask you for any personal data. And with us you know that's 'really good' from the standpoint of "will it let you do something that people really want to do on the site", not the standpoint of "how can we convince them to give us more data we can sell", because you can ALWAYS count on us being too stubborn (and too lazy) to sell user data.)