[raverbashing]

Whenever I hear "oh but this 2FA is vulnerable to phishing" then why did security people annoy everybody and pushed for it before considering this factor?

I'm happy to use only a password for some sensitive things, because I can remember it.

Of course security is a spectrum and 2fa does help for a lot of stuff. Especially against websites that don't know how to hash your passwords properly (usually the ones from where passwords leak the most).

[Method5440]

I was going to comment something similar - I think the messaging around this needs to be more clear. It feels like I’ve been seeing serious security folk push the unqualified use of password managers for years now. Better hope granny never needs to use SSH.