Originally Posted by
tmiw
Ideally everyone would use apps like Google Authenticator, but people are already resistant to 2FA as is; having to download a separate app and set it up for various accounts would be a step too far for a lot of people.
Exactly correct, even more so for a physical U2F key, which is why many companies, particularly financial institutions, only offer SMS. It's easy from their point of view and it looks like they're doing something when they're really not.