And 2FA can be defeated through social engineering, and it is defeated constantly in this way. I would far prefer password requirements with 80 bits of entropy than everywhere I log into requiring I collect a 6-digit number from an email, app, SMS message, etc.
But nearly everyone here seems to think this extra little bit of work at every login is a good thing, assuming they would ever have an account compromised. Seriously, how many here were ever compromised prior to 2FA? I've been online since 1983, and I had never come across it personally until after 2FA was rolled out.
Ignoring the personal inconvenience, 2FA's inconvenience increases exponentially for every 10 users being supported. Supporting 2FA among 10K users globally, just 2FA in itself, becomes a full-time job for more than one administrator, when previously, those 10K users were commonly supported by a single tech.
Frankly, I'd far, far rather take the risk of unauthorized access than be strong-armed into using 2FA. The amount of time 2FA wastes is far more than the time wasted by unauthorized access. The solution is far worse than the problem ever was.