This doesn't really bother me because you can use Google Authenticator-style TOTP codes instead, which are free, and I don't expect Fastmail to run their own SMS infrastructure, so they presumably have to pay someone. It would be nice not to have to manually append the code to your password though, as the set-up page suggests, because this would mess up password managers. Why not detect when someone's logging in with 2-factor authentication and present an additional panel for the verification code, like most websites do?
Also agreed that it's not 'true' 2-factor authentication if you can get product support or log in with only a master password. That opens up a lot of social engineering attacks. But then, true 2-factor authentication is also a support nightmare when people lose their passwords, so I'm sympathetic, but it doesn't change the fact it's not ideal.
Also agreed that it's not 'true' 2-factor authentication if you can get product support or log in with only a master password. That opens up a lot of social engineering attacks. But then, true 2-factor authentication is also a support nightmare when people lose their passwords, so I'm sympathetic, but it doesn't change the fact it's not ideal.