I got an alert on my phone that I had to opt-in to 2 factor identification if I wanted to receive a digital key and did so. so I was under the impression it was an optional opt-in "feature" but it sounds like you and others have been "upgraded" to that setting without opting in. This may have something to do with the upcoming deadline for the Federal Trade Commission's "Safeguards" Rule which requires 2 factor authentication on systems that access customer data (and I believe requires it every time, not just once in awhile) and/or it may have something to do with the repeated account security breeches that Marriott has experienced. My guess is that Marriott will will upgrade the app at some point so that it can provide the 2nd factor authentication via a pop-up alert (that's cheaper and arguably more secure than sending text messages) but for now we are probably stuck with having text message based authentication.