So… I use a physical passkey as a second factor on top of username and password on all three of my Synology-boxes. I have TOTP as backup in case I should lose my passkey.
Anyways - synology has no clue about my phone number, so I’m not sure I agree with your sentiment that it’s a requirement.
Ah! Misread your comment in that case.