[aftbit]

IMO the real advantages of 2FA are threefold:

1. The key is generated by the server, not the client (human), so it cannot be reused like a password.

2. The authentication is temporally bound, so phishing only offers access for ~30 seconds, unlike a password where it provides unlimited access until someone changes it (never unless forced in practice).

3. It's literally required for many services, so you need to use it. The alternatives to storing your secrets in your password manager are keeping them on your phone (which is how most people log in anyway, so its already becoming a single point of failure) or using something like SMS 2FA, which is even worse as SIM jacking is pretty trivially possible on most providers.