There's no reason that a service's "proof of personhood"/anti-bot mechanism has to be the same as that used for OTP delivery, though.
Google does this very well: They require a phone number of spam account creation prevention – once. After that, I can delete the phone number from my account and use a FIDO key, TOTP or any other 2FA method.
Google does this very well: They require a phone number of spam account creation prevention – once. After that, I can delete the phone number from my account and use a FIDO key, TOTP or any other 2FA method.