Originally Posted by
_kurt
Or they could get with the times and use U2F. Not that hard to just tap my key to the back of a phone regardless of where I am in the world.
That would be a terrible idea. When you lose your U2F device, it's a pain to deal with recovery...that's not what you want millions of customers using (or paying for the cost of it). 2FA is more than sufficient.