I am assuming your comment is in good faith here.
I’m in the United States. My state does not have laws mandating MFA be available via any mechanism, and I’m not sure if any state does.
I do not get service if I do not provide my name, service address and some contact phone number. Maybe I could argue with a CSR for an hour to refuse to give it, but the time-value of this is ridiculous.
Secondly, if I want to turn on any form of MFA for access to my account, this phone number is then used to send codes by giving me a text. Unlike some services, receiving this code over voice is not possible. Email is not an option. My utility also has a skeleton phone support staff as they have been pushing everyone to online management, so opting to pay my bills only after I view them is now more difficult. Multiply this by a number of other services.
In the United States, the second constraint is not necessarily uncommon. Some services improve on this model by calling you with a MFA code or emailing you, but not all.
The difficult issue over the last few years are services tightening down access to which phone numbers you can even use for these services. Increasingly, services are restricting the use of VoIP numbers.
Lastly, merely giving my phone number out to friends and family is a risk to keeping total privacy. A large number of messaging services upload your full address book of names and numbers to the service. It only takes one person using one app for the potential mapping of your name to phone number to leak. I am not going to rotate phone numbers amongst family and friends every few months to avoid this because this would be an enormous use of time.
I’m glad you are able to make the scheme work but this isn’t a workable model everywhere.
