I’m just not a fan of giving them another datapoint. Between me, microsoft, and the government in the room, we’re all systems, let’s swap secrets and I’ll generate my own code instead of them sending it to me. Just seems safer all around, but I’m resistant to change sometimes. For now TOTP still works with most of my MS accounts, one is forced to a damn yubikey though (not really against a hardware token but sometimes use can be limited).
I’m just not a fan of giving them another datapoint. Between me, microsoft, and the government in the room, we’re all systems, let’s swap secrets and I’ll generate my own code instead of them sending it to me. Just seems safer all around, but I’m resistant to change sometimes. For now TOTP still works with most of my MS accounts, one is forced to a damn yubikey though (not really against a hardware token but sometimes use can be limited).
Honestly I love my yubikey and I prefer it to passkeys any day of the week. Proton pass made passkeys less annoying, but I still hate them.