by bosie 1684 days ago
If an attacker has access to your computer, he should not be able to directly log into your bank account or insurance contracts. For me, both of those logins require the attacker to have access to my 1Password account AND somehow have access to my phone (2FA). Please rethink your strategy if an attacker having access to your computer equals having access to your digital life.
1 comment

If the attacker is on your computer, he can access your bank account while you are logged in (and possibly after that, if he disabled the logoff). He just needs to copy your session cookies and use your computer as a proxy to use your IP address. 2FA doesn't really help in that scenario.

2FA 'only' prevents attackers from breaking in without having access to your computer, and you being logged in. If an action needs to be confirmed using 2FA (like a transfer of money), it can prevent this as well.
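
The distinction drawn in the reply above (a session cookie carries the login, while a per-action 2FA confirmation does not travel with it), as an added sketch that is not part of the thread. The `Bank` class, `phone_code` and the sample names are hypothetical, and the login-time password and 2FA check is assumed to have already succeeded.

```python
import hashlib
import hmac
import secrets

def phone_code(key, payee, amount, nonce):
    # Computed on the phone after it shows payee and amount to the user.
    msg = f"{payee}|{amount}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]

class Bank:
    """Toy server: the cookie authorizes reads, transfers need a bound code."""
    def __init__(self):
        self.sessions = {}     # cookie -> user
        self.device_keys = {}  # user -> secret held only by the user's phone
        self.pending = {}      # challenge id -> (user, payee, amount, nonce)

    def enroll_phone(self, user):
        key = secrets.token_bytes(32)
        self.device_keys[user] = key
        return key

    def login(self, user):
        # Assumption: password and login-time 2FA were verified before this.
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def balance(self, cookie):
        # Whoever presents the cookie is treated as the logged-in user.
        return "balance for " + self.sessions[cookie]

    def start_transfer(self, cookie, payee, amount):
        user = self.sessions[cookie]
        cid, nonce = secrets.token_hex(8), secrets.token_hex(8)
        self.pending[cid] = (user, payee, amount, nonce)
        return cid, nonce

    def confirm_transfer(self, cid, code):
        # Single use: the challenge is consumed whether or not the code matches.
        user, payee, amount, nonce = self.pending.pop(cid)
        expected = phone_code(self.device_keys[user], payee, amount, nonce)
        return hmac.compare_digest(expected, code)
```

Because the code is an HMAC over payee, amount and a fresh nonce, a confirmation the user gives for one transfer cannot be reused for a different one.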