I don’t know what the solution is to this problem, but I do recognize the root of it: 2FAand MFA outsources the responsibility for keeping a platform safe away from the company that developed and runs it and places that burden onto users instead. Asking individual users to authenticate with a phone, a special app, or a code sent to their email …