I wonder how frequently used the accounts which are used for fraud are?
But I guess it's tricky -- maybe I'm signing in from a remote location after many months of inactivity to post some vacation photos, and can't receive texts on my phone because it doesn't work in whatever country I'm in...
And the fact that you have to give up more privacy to increase security. I'd rather Facebook not know my phone number (though it's stupid to think they don't already have it due to any one of my friends syncing their contact information).
It's the little things like this that put me off to Facebook. It feels like every attempt to make the site "better" is just another attempt to get more information from a user.
I'm not very keen on those two-factor approaches like this that use text messages to your phone. The text message often does not arrive. And in some places you have to pay to receive text messages so it can cost money to log in.
It would be preferable if they could just use the Google Authenticator app like a few other sites do.
There is a 2-factor code generator built into the Facebook app for iOS and Android specifically to help with SMS deliverability problems. Have a look at https://www.facebook.com/help/270942386330392/
