To be fair, I guess it's a product of being an organization of three million people who are globally dispersed, working in every conceivable environment. There are a lot of edge cases. So while smart card login was better for my case, other people worked in situations where username / password and SMS authentication was a dream. At the same time, we want everything to be uniform and interchangeable, because we've seen that patchworks of incompatible solutions can be even worse.