How good is 2FA if vendor uses it for advertising purposes. Twitter was fined by FTC and here is the story https://www.ftc.gov/business-guidance/blog/2022/05/twitter-pay-150-million-penalty-allegedly-breaking-its-privacy-promises-again but how can you trust other vendors that they would not use your PII for purposes other than 2FA. Best way is to avoid vendors who want PII for 2FA authentication, and use apps that generate time based code. #punkprivacy