Either make me create a password and then let me into my account or let me use my phone number/email to verify. It’s becoming too much to get into everyday stuff. If I have biometrics on, there is zero reason for anything else.
Basically the current security system is overdoing it. I suggest getting rid of passwords altogether OR only requiring one or the other. Like if I forget my password or I forget my phone I can use the other, but JFC it’s a hassle.
Password databases will be leaked. That’s just a fact of the world today.
2FA allows you to have either one of your login methods fail without your account getting compromised.
It sucks but I don’t know of a better system (other than physical cryptographic keys, which are not going to be an option for most consumers).