Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
Several of the larger password managers have started requiring MFA on new accounts. Bitwarden, for example, now requires at least an email verification. They encourage you to use other MFA methods instead, like an Authenticator app. But they at least have the email as a last-ditch “fucking fine, you really don’t want to install an Authenticator app? Here, we’re forcing you to use this as the bare minimum” backup.
Several of the larger password managers have started requiring MFA on new accounts. Bitwarden, for example, now requires at least an email verification. They encourage you to use other MFA methods instead, like an Authenticator app. But they at least have the email as a last-ditch “fucking fine, you really don’t want to install an Authenticator app? Here, we’re forcing you to use this as the bare minimum” backup.
And that’s how it should be. In fact, I switched banks to the only one I could find that had MFA, because I value security as an option.