> Sometimes, a lack of choices is a feature. (Compare e.g.: IPSec vs. Wireguard).
HTTP vs. HTTPS seems like a more appropriate comparison in this context. Passwords and OTPs are really, really phishable.