As terrible as proprietary app 2fa is, it still beats the tar out of SMS or email 2fa, security-wise. I don't get why my bank, who used to be pretty cutting edge, never implemented TOTP or passkeys...