> If 2FA was token based as people seem to want it to be, I'd have an issue, but SMS based is enough to keep out the majority of opportunistic attackers while being recoverable.
But so is using a long, unique, random password stored in a password manager! In fact, a strong password is more secure because it's not vulnerable to SIM swapping.
Admittedly, you could use both, but many/most services will let you use SMS for password recovery once it's set up, so it ends up becoming a single factor!
I'm also really nervous about loosing access to my phone number some day due to some screwup or other.
> Plus, there's always printable recovery codes with Google at least.
But I loose things. Especially slips of paper which I usually don't need to access. There is absolutely no way in hell I will be able to find a printout of backup codes when I actually need them.
