I wish sites offered a way to opt out of 2FA if your password has enough entropy (128 bit random string). These are not getting cracked anytime soon. I store my TOTPs in keepassxc with the other passwords anyway. The keepassxc database is the "something you have" and its password is "something you know", and the random string is a testament to that. Also stop forcing SMS 2FA please. I don't want to need to have a phone.
I agree although sites still might concerned about password re-use they could just have an option to generate what is basically a key. Instead of a password and some sort 2fa "token" which is basicallly a key. Accept for that 2fa token only a low amount the entropy is capable of generating is used.
