I think you want both of these things. Realistically we're not at a point yet where all MFA credentials are phishing resistant.