lets just hold the line of “the answer is always username/password + second factor”.

could be username/password + totp…

could be username/password + passkey…

if someone figures out my password, i dont lose everything…

if someone steals my passkey, i dont lose everything…

even if i do use the same password for everything, the second factor has it covered.

(nobody will ever guess my password of ******** anyway!)