I would also love an answer here. I see the same thing on Mint. Every. Single. Log in. Even if I'm on the same computer and log back in 5 minutes later, it forces me to have an SMS code to log in. Even with 2FA turned off. This is absurd. Common security standards would allow you to remember a device for a period of time and only require 2FA on a log in from a different device or after a set period (like 7 or 14 days). This is such a terrible user experience.
