2-factor authentication (2FA) or OTP (one time passcode) are common use cases for toll-free messaging.
All business messaging use cases, including 2FA/OTP messaging, requires consent from the end user in order to send messages (though the type of consent varies based on use case). For 2FA/OTP, you must have express consent to send a 2FA or OTP text message,. Typically, express consent for 2FA/OTP text message is obtained by informing the user they will receive an OTP notification at the phone number they provide, or informing them when they update their phone number in an online profile.
To get your toll-free number verified for a 2FA/OTP use case, you must provide proof of consent. A screenshot or live URL is ideal. If you don't have a screenshot or URL available, then you must provide a thorough, detailed description of how you collect the end users' express consent. OTP/2FA use cases do not exclude the need to provide proof of consent, and language in T&Cs or Privacy Policy is not sufficient for express consent.