2FA is completely useless. It is far too vulnerable to phishing. 2FA vulnerabilities have been pointed out so many times.
Phishing is the main way unauthorized access happens, for individuals and in the corporate world. 2FA being so vulnerable to phishing should make it a non-starter.
2FA is never implemented because of security reasons (it is useless at that), but it is implemented because it allows the likes of Google, Microsoft and Apple to link your smartphone/email to you, 2FA is enforced onto users to gather private data on users.