almost 6 years ago - /u/djfluffkins - Direct link

Originally posted by Revve

yeah but in case if you lose your phone its pretty much a torture to contact all of the sites you used 2FA on.

2FA not using your phone is the better way to go when possible. We (at Twitch) just had security training where we covered how people are using social engineering to get phone companies to get your number on a new SIM to bypass the 2 factor on phones. That being said, you have to be a real target for someone to do that. I would imagine the people who are being opportunistic about reused passwords aren't putting in that much effort.