For sure I've had a bee in my bonnet for a long time about 2fa, or worse, mfa, ever since we first had it foisted on us, it's not more secure at all, it doubles the attack interface, in fact we could argue the attack interface follows an inverse of Metcalfe's law, it increases by the square of the number of entry points, so it's actually x4 less secure than just having a single point of entry.
Its all about getting our email or phone number, for direct marketing, which is kind of merging with scams, now we are seeing that when profitability (availability of energy to rip off as money) gets scarcer with lower availability of energy available to extract in the environment, "business", in order to remain competitive, now has to resort to things we once would have defined as crime.
Hey-ho, nobody will care much, after all data has been ripped off and put in the commons by Ai, to which no human created data security barriers are barriers anyhow, and we finally start to monetise the only energy source that can be monetised by money issued for free to all people (It insists), we won't care about it, if we don't need it to survive.