Amazon 2FA
So I can enable 2FA using an app like Google Authenticator. That sounds OK-ish, but then Amazon insists on setting up my phone as a secondary 2FA (text or voice).
I must be missing something here. The main reason for using an authenticator app is to avoid SMS hijacking, but a miscreant going down the backup 2FA route can still succeed?