You should not use a phone number as a primary account identifier, and then use that same number for 2FA
jason
Having a customer use the phone number as their primary account ID and primary means to identify themselves, and then use that same number for 2FA purposes, does not increase security, but instead puts everything in a straight line and broadcasts the one key that opens the door to a user's account. Best practices for 2FA are to use 2 different identification items, such as a username/email address/etc., and have the 2FA item associated with the account as metadata which is then referenced to complete that process. When I originally signed up with this service, that is how everything was built, though it seems that security has taken a leap backwards with the phasing out of email addresses and usernames to log in and making everything reliant on the sole phone number.
Jackie
Thank you for sharing this with us, Jason. We are always working to improve our Greenlight experience and will be sure to pass your feedback along to the team.