Stop asking for my mobile number to register applications or for any reason at all.

You already get 2fa by sending the verification code through email. Sending it through mobile is an added security risk. It only makes it easier to compromise the account when hackers can just contact the mobile operator to be able to clone our mobile number.

The verification code through email is plenty. I have secure passwords on both email and twitch accounts, I can make sure they are safe, I can control that. I can't control what my mobile operator does with my SIM ID. Mobile services support line operators are a joke, and give those out like candy, and then accounts get compromised.

You want to cover your butts against any liability just suggest mobile 2fa, bad suggestion whatever, but don't force it. Use properly email 2fa is better, just because some users create email accounts with stupid easy passwords that doesn't mean you should force everyone to use a less secure 2fa method.

Please make it optional.