I think there should be more than one method for verifying accounts so that if one method is compromised or lost, you can easily switch to another. I would recommend email and phone numbers are added.

Plus, I don't think the placement of the security codes is very intuitive. I have tried to set up 2FA twice and somehow missed them. I think it would be better if we are given the option to print or download them after adding the verification device.