
Anything other than username/email + password is stupid bullshit, I don't care what any cybersecurity nerd says.


Freakin Chipotle has mandatory 2FA. Blows my mind how thoroughly I need to authenticate myself to order a dang burrito.


Surprisingly, Chipotle is its own layer of hell when it comes to auth. Every time I need to sign in, I need to reset my password.


McDonald's, Taco Bell, and Domino's apps seem to be the best; everything else ends up in login hell (though I suspect I have two McDonald's and Taco Bell accounts from before they added Apple login).

Some are literally so bad I just won't use them anymore.

All most of these things need is basic authentication, set some long-lived whatever it is based on the Secure Enclave, and then don't allow seeing the charge method or changing the delivery address without requiring some second factor. You don't need full bank-level security for a burrito (amusingly enough, my bank security is more based on normal things than the burritos are).



