Especially for personal accounts.
I get why a corporation would require it for employees…
But I hate it when Apple, Samsung, etc. are forcing you to have 2fa, especially by requiring a phone number.
Side note: Bitwarden will be requiring email verification codes starting in February 2025, for those who haven’t enabled 2fa yet (see my Post in YSK). Most people store their email credentials in their password vault… so a lot of people are gonna get locked out of their bitwarden vaults. I kinda hate it, especially on such sort notice (less than 10 days).
I dislike it. I already have a unique, long, randomly generated password for every account. That’s stored in a password manager with a unique, long passphrase. 2FA provides very little additional security in that scenario.
Worse, many services won’t let me use a standard TOTP authenticator. Some insist on SMS. Worse, some insist on their own app.
2FA does protect against the password being leaked and used by someone else though.