Yeah but if that's not the default 2 factor authentication is not secure and its an illusion of safety. For companies and groups to claim its gives you all this security when it doesn't follow through even in the default case is misleading. No shade on you but your talking about a lot of hops to go thru just to make someones broken model work.