After logging out of BA.com today I got an e-mail inviting me to set up 2FA. I've had them before but they always threw a 'bad request' error in the browser. Same with this e-mail but noticed a comment in this thread that mentioned a differing experience between an iPhone and a laptop.

Amazingly, with an iPhone the link worked and went through the process pretty seamlessly. The only challenge is that if you're avoiding slow SMS by using an authenticator it's difficult to scan the QR code on the screen with the camera option in the authenticator so you have to use the long code.

Has anyone worked out what triggers the need for 2FA as it isn't every time you log in?