Having unique passwords isn’t something you should rely on either. Good MFA practices limits the impact of breaches like this. It isn't an either/or thing, do both.