Other 2FA UX nags:
- When there is one entry cell per character, and you can't copy/paste a code
- When some sites automatically submit/process the code when the last character is entered (looking at you Atlassian), punishing typos
The latter would be fine if every 2FA field worked that way, but the unexpected auto-submit means I also hit enter which sometimes triggers it twice.