I hate passwords, I hope they can ditch them some day. But I have hundreds of games worth hundreds of dollars in my Steam account. I’m not going to lose all that to some neck beard hacker in Ukraine who got bored and grepped my password from a database.
Just to illustrate the power of 2-Factor Authentication I’ve created an expendable, example gmail account on my Google Apps account.
I authorize ANYONE to use my user name and password.
Goto google and sign in with this.
Nobody can sign in to this account without a physical U2F security key. Or the backup, a rotating one time password.