Quote:
|
How is it a reduction in security?
|
Having multiple different ways of getting a 2FA code provides more paths for hackers to steal them. In particular, having a phone number that is used for receiving SMS codes, calls, or as a recovery number can make your account much less secure as been demonstrated recently in several high-profile hacks. They SIM swap your number or simply bribe someone in the phone company and once they have that they are in, assuming they already have your password via some other means. Though, probably this is a much smaller problem for most of us than simply having the password database hacked or our password stolen via a phishing attack. Microsoft and Google both report that using 2FA of any sort eliminates the vast majority of hacks.
https://techcommunity.microsoft.com/...us/ba-p/855124