Same here, but disturbingly some sites are making it a requirement.
The Match Group dating sites like Plenty of Fish and OkCupid recently made it a hard requirement to set up a 2FA phone number, even for existing accounts.
It's a super annoying trajectory, and I imagine potentially dangerous if one considers the dating sites and victims of abusive relationships attempting to get out. Making physical access to the phone all one needs to gain access to a dating profile is a clear regression from unsaved passwords.
Without any form of national ID it's a really hard problem to solve. As someone who runs my own login system, I require phone numbers to prevent botting. Obviously you can make a bot through Twilio, etc., but it becomes economically nonviable to mount attacks through bot registration, which is my goal.
What are you doing to combat the risks of attacks like SIM-swapping?
Personally, I find using phone numbers for this purpose to be a cop-out, and like you said, it's just a Twilio account away from being defeated. Like captchas, it's only a matter of time before that is the baseline capability for bots and you're in no better place than before, except now your users have worsened security.
IMHO the true business incentive for requiring numbers is just getting identity-coupled phone numbers which add significant value to their collection of PII.