Firefox 70 released

> Is security something that only conscientious users should enjoy, or something that should be baked into the defaults.

Of course security should not be limited to conscientious users, but SMS 2FA strictly increases the conscientiousness you need to be secure. With 1FA you need to use strong unique passwords; with SMS 2FA you also need to use non-public throwaway phone numbers. I know several people personally who have had their numbers ported, which led to multiple simultaneous account compromises (even when using unique passwords), not to mention being extremely inconvenient.

> I understand that SMS 2FA puts more strain on the phone system's security, but it also puts more strain on attackers and slows them down too.

It doesn't seem to put any strain on the phone system's security. Phone companies are happy to let attackers port arbitrary numbers with basically no resistance and then absolve themselves of all responsibility. As far as I know no legal system in the world holds them accountable for this.