I've been getting lastpass 2fa codes via text sent to me before and after changing master passwords lately. However I don't get the authenticator notification like I would from a login attempt so I'm thinking they're attempting password resets?
but man I'm soo feed up with services requiring SMS at least for setup often as a non-disabelable fallback. It's not secure! (And worse sometimes allowing password resets using the 2nd factor.)
I understand that there is a usability issue for a non-resetable 2nd factor (due to people losing reset 2nd factor), but pls. give me and "advanced I know what I'm doing" option or similar.