
If I'm going to be forced into two-factor authentication, I would much rather use TOTP than be forced to use a phone number. Phones can break.


Yes. The absolute worst 2FA is SMS based, especially when they refuse to work with my VoIP numbers (I now have a $5/mo 2nd eSIM plan just for this since my primary SIM is data only).

IMHO, just let me check a box that enables me to ONLY use username and password all the time, no extra steps or IP-based captcha or “verify it’s you” by clicking an extra email. My passwords are unique and strong and the provider is more likely to get hacked than my passwords get cracked.


> I would much rather use TOTP than be forced to use a phone number. Phones can break.

Phones / SMS are also less secure than TOTP. It’s odd that most orgs that require 2FA yet accept only phone calls or SMS as the second factor are financial institutions.



