GitHub has a similar problem, where the GitHub mobile app can’t be disabled as a 2FA factor. They implemented an option to make other factors the “default” without the ability to completely disable mobile, and then falsely closed the discussion [1].
If such an insecure factor can’t be disabled, what’s the point in setting up TOTP and/or hardware keys?
[1]: https://github.com/orgs/community/discussions/10861