Password-only authentication still has its uses. I don’t want to use 2FA when I’m logging into a website I’ll use once and never again and does not have any private info about me, maybe to post a comment for example. Or try a service they are demoing.
Those are totally valid use cases. In no way was I saying everything had to offer 2FA. Just pointing out that it is not just for those that don't know how to craft strong passwords or those that practice poor security hygiene, that it is a useful option to have when security is important.
