Originally Posted by
jsloan
And by "positive step," you mean "complete waste of time that provides security theater but no actual security."
The biggest effect of so-called internet 2FA is that it's harder for you to regain control of your account after it's been hacked, as the hackers are better at breaching "2FA" systems than you are.
Your point is well taken that much of 2FA has holes in it. For me the primary point of 2FA is that I don't need to outrun the tiger, just the other runners. As long as my account is more difficult to hack, it is less interesting.
Yes, I know that my information has been, can be, and will be stolen time and time again without any involvement with me or any of my authentication factors, but I still turn on 2/MFA every chance I get and I vastly prefer authenticator apps and physical tokens to sms codes or challenge questions.