Multi-Factor Authentication (MFA) is great. Having MFA on a device where compulsion is the norm? Results may vary.
Multiple times over the course of the day I reached for my phone to use the MFA app for work. Instead I'd be spirited away to my web browser or email inbox. This went on for a stretch of time until I realized that the point of getting on my phone in the first place was to use MFA to log onto AWS and get work done. Woops. I compare it to putting a useful key inside a labyrinth where the path to the key is clear yet there are numerous corridors architected to distract you.
This is where hardware authentication devices like Yubikey seem appealing for MFA. A key that is just a key — nothing more, nothing less. Of course I could work on curbing my compulsory phone habits, but maybe I could save up for a Yubikey.
Just in case.