Nah, any decent password manager or security application can manage multi-factor security credentials of any kind without lock-out due to phone loss.
Password authentication is beyond primitive by offering too many avenues of attack: the full secret is transmitted & shared. Passkeys, client certificates, OTP don’t transmit the secret key. Passkeys & client certificates authentication never share a secret key, so the server can’t expose it.
The number of times I’ve seen screencaptures of text on a coding job that makes me think/say “you’re a coder, I’m a coder, you know we’ll need this as text, so what the fuck is wrong with you?” is too many.
Images of text happen way too often everywhere including lemmy. And they grace us without alt text like they’re going out of their way to fuck us & people with accessibility needs especially hard.