Two-factor can be spoofed, plus if your phone has malware, a hacker can screen capture your 2FA codes to login. Additionally, if you're using text messages as your 2FA, some cyber crooks will call your phone company and get your phone number ported to their phone, then gain complete access to any incoming 2FA codes related to any of your logins.