A lot of FR veterans would not be willing to trust even this site with a phone number.
You don’t have to give MFA your phone number if it’s set up right.
The way I’ve set it up - the app generates a unique code representing your username and password, that is 512 bit encrypted, and creates a QR code from it. You scan the QR code into the authenticator app on your phone, and it sends the combined QR+emei encrypted in the other direction.
This way, your phone doesn’t even know what the code does, and the website doesn’t have your phone number.
If you unlock your phone while the authenticator app is waiting for MFA, the app recognises that as proof it’s your phone and biometrics. Sends a message to the MFA server, which then sends “yes, it’s him” to the website.
But when you log in, the authenticator service broadcasts the mfa challenge and only one phone can reply to it.