(no title)

Not that long time ago there was a discussion about 23andMe data leak through user accounts that reused emails/passwords on some other compromised site. I was surprised how many people here argued that 23andMe should be responsible for this data breach because it's common knowledge that people reuse passwords all the time and yet 23ndMe didn't make 2FA mandatory until after the leak.

Personally I prefer to have a choice on whether 2FA should be enabled or not but I also understand companies that don't want to be blamed for something that is entirely user's fault so it's much easier for them to make 2FA mandatory, even though with phone apps it's not really 2FA since it's the same device.