True, but you assume 2FA is implemented correctly and doesn’t have a bypass. What I’m saying is that they’re often poor at what they do, so I don’t put excessive trust in them.