@dreadpir8robots I totally agree. I was trying to make it clear that I'm not being a stick in the mud sysadmin screaming "KILL ALL 2FA!". I just despise the #securitytheater of putting 2FA everywhere, just because.
I also know that these methods stop the 'honest thief' but anyone with any real dedication to doing harm can buy 0days, steal cookies, spearphish, gain access to email, sms, etc.
Those looking to do real harm likely aren't going attack services using my creds.