Comment by simoncion

> What should they have done? Just permit everyone to avoid upgrading to 2FA indefinitely?

Yes. I've had online accounts for nearly as long as there's been an "online". The only time I've ever lost control of an account was due to 2FA.

2FA should always be optional for one's personal accounts. [0] People who can securely manage passwords simply don't need it. And if Organized Crime or Mossad wants access to my accounts, 2FA is not going to stop them.

[0] Corporate accounts and hardware are a different matter. You manage those however your employer commands you to manage them.