Following the mysterious "1 1" notification Samsung sent out a couple weeks back, the company admitted to a "small" data breach that affected a handful of customers, claimed to be less than 150. It may have been a minor blip, but the company apparently isn't taking any chances. Based on an update to the Samsung Account app rolling out now via the Galaxy Store, Samsung is now making two-factor authentication mandatory for all new logins.
Samsung Account update in the Galaxy Store.
This change doesn't affect devices that are already logged in, according to SamMobile, who first spotted the update rolling out via the Galaxy Store just a few hours ago. But if you attempt to log in on a new device, you'll be prompted with the additional authentication mechanism.
Samsung does offer multiple mechanisms for 2FA authentication, so if you'd prefer not to use an SMS-based system, you can set it up to work via an authenticator app (which is more secure and doesn't suffer from SIM-swap attacks). By default, Samsung's 2FA system previously used SMS, though.
For some context, Amazon-owned Ring also enabled 2FA by default for all new accounts following its own security snafu.
We should all probably be using two-factor authentication at every possible opportunity, given how valuable our accounts and data are these days. Some might see making 2FA mandatory as a draconian step, since it does add a small inconvenience at the time of login, but from my perspective, the gains when it comes to customer security make it worth the tradeoff. Every account you value beyond a few minutes worth of work should require 2FA authentication, and kudos to Samsung for forcing customers to act in their own interests going forward.