[amacneil]

> that’s not what service-level multi-factor authentication protects against

I don't understand your point. This is exactly what multi-factor authentication protects against if you don't store your MFA codes in your password manager.

[waihtis]

A password may be compromised via other routes than just through a password manager hijack, which is probably far down the probability scale of all of the possible ways to do so