Quote Originally Posted by bloop1564 View Post

100000% agree. My friend has learned their lesson and implemented 2FA immediately after getting their account back. Maybe if anything, SE needs to implement mandatory 2FA for new/existing accounts. Of course social engineering will still make people get hacked, but at least it'll be harder... ish.
It doesn't make it harder at all for the most common phishing methods. People hand over there account name and password quite readily without TFA and with it, they just have over the TFA as well.

It would protect against hacking but it does not protect against the much more common phishing.

(I still never went without my TFA for longer than it took me from the one that after more than a decade of use had trouble responding to button presses to a new one.)