Is there any point in using two step authentication if you have strong passwords?
There are a few benefits that persist in 2FA:
- A keylogger can't make use of my 2FA passwords for later.
- I can't share my 2FA with somebody on an ongoing basis.
- I'm more likely to know my 2FA credentials are compromised (e.g., because my token is missing) than somebody simply copying my sticky note hidden in my wallet.
- Somebody who phishes you will be have a limited window during which 2FA will be useful for them and it won't be ongoing.
Controlling the password is usually weaker than the password itself, and that makes 2FA very helpful even with very strong passwords.