None of the available options seem to be either safe or smart anymore. We are only protected due to sheer numbers, so the chance is exceedingly small that you will be targeted by someone to hack.
BTW, you also have to upload a picture of your ID in order to establish the account with ID.me.
Something I'm just absolutely loath to give to a privately or publicly held corporation, given the complete lack of legal liability and accountability any corporations seem to have these days for the data they hold whenever they (inevitably) get hacked.
Not sure that I agree. You upload a picture, but that could only be for verification purposes by a human, then that doesn't necessarily mean the pic persists. Maybe it does, I really don't know but I don't think that a pic of an ID card is enough for a compromise since even a car dealership can make a scan of your ID if you want to take a test drive.
Similar for other info, some more responsible sites don't store this info, just use it for initial verification, and even passwords are encrypted with hash that isn't backwards engineerable.
I do agree about lack of accountability, being unfair, but this is the modern life we live in. Personally, I am the reverse, that I am annoyed by 2FA and don't want to use phone/email/etc to do what I've always done in the past without that. I don't otherwise engage in dodgy connections so I'm forced to have this extra burden for those that do.