Although security has improved with the release of other 2FA solutions, most rely on a centralized infrastructure to generate and authenticate codes.
This creates an attack surface, either against the servers or against the authentication protocol itself.
Many account systems have improved but still require your email address or phone number as a backup for either the account or your 2FA.
This leaves them vulnerable to a variety of attacks: