[mig39]

Can you explain? I use 2FA and tell it to remember me on this device, right?

If a Syrian hacker phished my password, he wouldn't be able to login on his system, would he?

[RegEx]

You're completely right. I was too focused on the fact that 2FA doesn't text you every time you log in, meaning a 2FA user wouldn't find a google login prompt without a text code requirement abnormal. They couldn't login from their own machines - that's the whole point! Silly me.