It’s definitely a context switch that disrupts one’s workflow. I would maybe have settled if they were sending the verification codes via SMS for 2FA, but there’s no way I’m installing all kinds of apps!
Technically speaking, you’re not forced to use Salesforce’s authenticator app. You are forced to use one of the following:
A authenticator app for your mobile phone (such as the one by Salesforce, or other third party)
One-Time Password Generator (also a third-party mobile app)
Security Key (a physical device)
Recovery Codes (these only work in combination with the former three, and create confusion by being listed together with them).
The truth is, I never want to bother with this level of security when gaining access to my websites and apps. Hypothetically this could be a good opportunity to invest in a HW security key (which is a solid security mechanism that can be used anytime one needs to log in).
That day, I needed to log in immediately and got delayed because Heroku insisted I do things THEIR way — which is very unintuitive. So, I had to give them the boot.