It’s a circus out there…
One of my financial institutions supports yubikeys, but does not have the option to turn off sms 2fa. A chain is as strong as the weakest link, as usual.
Another only has sms 2fa and bizarrely allows me to specify any phone number at login time to receive the code. WTF?
Most only have 2fa via sms. When you talk about using an authenticator app people bitch and moan because they have to cut and paste those digits into the login page. Oh, the humanity…
Don’t even get me started on sites with “roll your own” schemes, like forcing you to install their app (which requires all permissions under the sun) just to accept a push message and allow you to login on their website.
If you use an android phone, just create a separate account on your phone just with the apps you want the police to see. No email, photos, social media, or anything. This way you can switch to the restricted user before giving the cop your phone.