1. 2FA over SMS is only $23 away from a compromised phone service

2. People love binding individual accounts to specific IP addresses, and large marketing firms especially like websites that use free DNS service to quietly track said users across the session

3. Much like DRM, the account auto constrains a single user to a single IP. Makes sense... unless you run a business account with a dozen people clearing a shared inbox

4. SMS inbox phone numbers are $2.75, and that requirement is bypassed if the company smartphone hardware/emulation is in use for account "recovery"

5. SIM hijacking and email server snooping is far more common than people like to admit

6. People feel safer, but it only increases the CVE difficulty level slightly above third world skill levels

This is why we can't have nice things =3