If I set up 2FA on my Microsoft account (for example) and I create multiple methods such as SMS, email, and an authenticator app, will I be more vulnerable than if I only set up the authenticator app?
I was wondering this because if my email gets hacked then the hacker could just use my email (if they already have my password) to authenticate my identity. If my ex-girlfriend stole took my SIM card (with my phone number) and knew my password then she could gain access to my account even though I have my phone with a new number. So am I correct for assuming that setting up only one method of authentication would make me more secure because it leaves less vulnerabilities to exploit?
I believe that an authenticator app (like Google Authenticator) is the most secure and easy method for the average user but I’d like to know if I should go through all my accounts and remove email and SMS as a method.