I’m starting to find it odd when a service with 2FA doesn’t offer TOTP as the main option.
It’s widely supported. You don’t need a bunch of different physical tokens/separate apps to authenticate. It’s more secure than SMS.
Most embarrassing is the fact that PayPal still only offers SMS. Their 2FA messages are often delayed or dropped, too.
Any recommendations for adding 2 factor authentication to a web application?