by Aachen 2008 days ago
Removed? Do you regularly change passwords?

I can see the point when using a password manager, though it's typically overkill, but please be aware that forcing memorized secrets to be changed arbitrarily (e.g. time-based) is recommended against in the updated guidelines from the USA's NIST, the UK's NCSC, Microsoft, and others, based on research into what effect it has on password quality.

1 comments

But the expectation is that something does change (the 2FA). If you use this system without a second factor, then a hash breach screws you. And if you do have a second factor, then this system achieves almost nothing.