And also pretty bad advice. People, don’t use code sent to e-mail/phone as the second factor. If you’re targeted, you can get SIM swapped, and your e-mail can get compromised.

The best second factor is a hardware key (Yubikey), second best an authenticator app on your phone. 

 Agreed. SMS and email are the worst methods of MFA. 

 Still better than no MFA.

I like to include that because it can cause ppl to drop MFA completely if only SMS or email is available 

 Agree again. 

 Right.