I recently noticed that I was having to wait for a 2fa token on every login, regardless of the trusted nature of the device or app. I called Fidelity Electronic Channel Support and they confirmed that all forms of 2fa (sms, totp via symantec vip access only) will now be required at every login and the trusted nature of the device or app will no longer be considered. This seems cumbersome, against typical practices, and designed to almost encourage lower security by causing frustrated customers to disable 2fa. Just wanted to get an opinion from you on whether you agree with Fidelity's position.