I have a Microsoft Account linked to a Microsoft Authenticator app for 2FA purposes. Every time I log in, it first sends me the Authentificator request, but I can always click "Other ways to sign in" and then choose "Use my password instead", which then prompts me for the good old password, and logs me in successfully.
But doesn’t that negate the point of having the 2FA at all?
I wouldn’t expect this mix of a cargo cult meets security theater from a major corporation. Or did I misunderstand something?