That's exactly what I am complaining about: it is designed badly, I didn't ask for this and I can't turn it off.. I didn't ask for this, and still can't turn it off.
On the other hand, Google does even worse: sometimes it requires 2FA with SMS when I have specifically turned it off, knowing I'll be abroad without SMS connectivity. Still, Google doesn't give a shit on disabled settings and still demands 2FA auth on connects from previously unused addresses. The only reliable way to circumvent this is to use a VPN with a fixed address, so Google always thinks it's a 'same' location.
On the other hand, Google does even worse: sometimes it requires 2FA with SMS when I have specifically turned it off, knowing I'll be abroad without SMS connectivity. Still, Google doesn't give a shit on disabled settings and still demands 2FA auth on connects from previously unused addresses. The only reliable way to circumvent this is to use a VPN with a fixed address, so Google always thinks it's a 'same' location.