Standard authenticator (software or hardware) are, well, standard. You can pick anything compliant and use it with any compliant service. Requiring a specific app means that you have to install yet another app, which may or may not be well made, and may or may not snoop on you, and usually will only work with one service, assuming you have a compatible device to run it to begin with.
It’s more than an inconvenience; not insurmountable, but way more work than just having a standard thing that works perfectly well and is based on known and proven algorithms.
Don’t forget the dark pattern, where they need to allow push notifications to get two factor to work, but those same push notifications are now used to badger the user and create more advertisement touch points
Standard authenticator (software or hardware) are, well, standard. You can pick anything compliant and use it with any compliant service. Requiring a specific app means that you have to install yet another app, which may or may not be well made, and may or may not snoop on you, and usually will only work with one service, assuming you have a compatible device to run it to begin with.
It’s more than an inconvenience; not insurmountable, but way more work than just having a standard thing that works perfectly well and is based on known and proven algorithms.
Don’t forget the dark pattern, where they need to allow push notifications to get two factor to work, but those same push notifications are now used to badger the user and create more advertisement touch points