Everyone keeping their 2FAs all on their cell phone (same place many store passwords), and on apps hosted by big tech seems risky to me.