Instead of authenticating with a code, which you’d need service to get, isn’t it easier to just open the port to allow for entry of T-Mobile user credentials? Seems to me would be more secure and easier than trying to send a code (I’ll go on the record as hating 2FA and see it as much as security theatre than anything else - I’m waiting for Passkeys to become more standard for more secure logins, but that’s for a completely other thread on a tech site, I guess?).

By the way, I have no issue with UA/T-Mobile authenticating users, as long as it’s user-friendly and relatively easy for legitimate users to login. Absolutely despise, for example, the old verified by visa ‘password’ system (that CO used to use, for example) where it seemed to just deny me the ability to use my own card).