Well affiliate marketing actually could get you far if done right, and apparently they must be. As for the phone, that's standard practice for 2FA. But a separate argument altogether, is that it's funny that they still use texting for 2FA anyway. People do realize how easy phone numbers can be intercepted, right? T-mobile flaw, I'm looking at you, you were recently fixed. Why the hell aren't we using hardware tokens? We really should be. I'm telling you, Ilok could be so far ahead of its time if they branched out to more than just licensing. It could be an authorization token for your online accounts. If only they allowed you to use any old flash drive with it though, but I doubt that has anything to do with anti-competitiveness. They encryption straight on the device must require a custom firmware. But what about mainstream methods? Software Passport/Armadillo had hardware token ability using native Windows USB api's. But I digress. The point is that hardware tokens could and should be used a lot more than they are now. Then again, companies get your phone number through 2FA, so they can sell your soul and spam you with ads, right? Right.