Hacker News
by Aachen 623 days ago
See also the considerations mentioned in the sibling thread btw: https://news.ycombinator.com/item?id=41793846

> even if they got your password, if they don't have access to your password manager they can't log in.

Wouldn't the same argument go for a non-2fa password? What's the difference between a randomly generated 2fa secret and a randomly generated password here?

1 comments

An eavesdropper able to intercept connections could record your password in transit but would only get the current 2FA token, which quickly becomes useless. But with TLS, eavesdroppers are not a realistic concern for most people, so the actual benefit is still questionable.
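
The difference discussed in this thread, as an added example that is not part of either comment: with TOTP (RFC 6238) the shared secret never crosses the wire, only a code derived from it and the current time, so a captured code stops verifying once the server's acceptance window has passed, while a captured password keeps working. `SECRET`, `PASSWORD`, `replay_demo` and the acceptance window of one step either side are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", at // step)           # time step as 8-byte counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32: str, code: str, now: int, window: int = 1, step: int = 30) -> bool:
    """Server side: accept the current step and `window` steps either side."""
    return any(
        hmac.compare_digest(totp(secret_b32, now + d * step, step), code)
        for d in range(-window, window + 1)
    )

# Constructed sample values (the key is the RFC 6238 test key, not a real secret).
SECRET = base64.b32encode(b"12345678901234567890").decode()
PASSWORD = "correct horse battery staple"

def replay_demo(login_time: int = 1_700_000_000, delays=(0, 30, 120, 3600)):
    """What an eavesdropper on one login can replay after `delay` seconds."""
    captured_pw = PASSWORD                    # the static secret itself was sent
    captured_code = totp(SECRET, login_time)  # only a derived value was sent
    results = []
    for delay in delays:
        pw_ok = hmac.compare_digest(captured_pw, PASSWORD)
        code_ok = verify(SECRET, captured_code, login_time + delay)
        results.append((delay, pw_ok, code_ok))
    return results

if __name__ == "__main__":
    for delay, pw_ok, code_ok in replay_demo():
        print(f"+{delay:>4}s  password replay: {pw_ok}  TOTP code replay: {code_ok}")
```

The captured code still verifies while it is inside the acceptance window; RFC 6238 additionally requires the verifier to reject a second use of a code it has already accepted, which this sketch does not track.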