And sometimes you just need the access. 10 people know the same password for emergencies, as they all need to log in via Gmail somewhere. And you cannot even opt out of Google's security features. Apple's are also problematic: I need two-factor auth for "iMessage in the cloud" for no reason at all.
For banks, two-factor auth really is needed. They have to pay a lot if someone makes a payment in your name. The better ones use their own token generators, not a plain-text SMS that can be caught over the air. That's fine.
But needing two-factor auth to report an iPhone lost or to "enable iMessage in the cloud", and Google accounts blocking access from other countries "just for a simple email address" even if the password was correct the first time: this is wrong.
Common misconception: "if something is more annoying, it is more secure."
This theory has failed many times:
- rotating, time-limited passwords --> passwords on Post-it notes
- unmemorable passwords (instead of FOurWordsW1thL33t) --> passwords on Post-it notes
- security questions (a pre-defined list of very few elements, not even custom-editable) --> answers easy to find on the social media accounts of lots of users
I hope the IT world will realise that two-factor authentication (apart from banks), forced on everyone and made close to impossible to opt out of even for power users, is not the solution either. We want our "I know what I'm doing and what I'm risking" buttons back, that's all.
To be constructive, the best working solution so far:
You have 10 attempts in 24 hours, then you are locked out from attempting any new password for 24 hours, or you need very serious documents (passport level) to identify yourself earlier. The only risk there is people using the same password for multiple services. But an awareness campaign against using the same password everywhere would be much more useful than forcing two-factor auth where it does not belong.
- carlcolt's blog
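The lockout rule proposed in the post (10 attempts in 24 hours, then a 24-hour lockout unless identity is proven earlier), as an added sketch that is not the author's code. It assumes that only failed attempts are counted and that a successful login does not reset the counter; `LockoutPolicy`, `attempt` and `unlock_verified` are hypothetical names, and the document check itself is out of scope.

```python
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 10        # the post's figure: 10 attempts ...
WINDOW = 24 * 3600       # ... within 24 hours ...
LOCKOUT = 24 * 3600      # ... then no further attempts for 24 hours

class LockoutPolicy:
    """Per-account lockout. Assumption: only failed attempts are counted."""

    def __init__(self):
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> unlock time

    def _locked(self, account, now):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now < until:
            return True
        self.unlock_verified(account)         # lockout expired: start fresh
        return False

    def unlock_verified(self, account):
        """Early unlock after an out-of-band identity check (hypothetical hook)."""
        self._locked_until.pop(account, None)
        self._failures[account].clear()

    def attempt(self, account, verify, now=None):
        """verify is a zero-argument callable that checks the password."""
        now = time.time() if now is None else now
        if self._locked(account, now):
            return "locked"                   # verify() is never called here
        if verify():
            return "ok"
        fails = self._failures[account]
        while fails and now - fails[0] >= WINDOW:
            fails.popleft()                   # drop failures outside the window
        fails.append(now)
        if len(fails) >= MAX_ATTEMPTS:
            self._locked_until[account] = now + LOCKOUT
        return "denied"
```

Because the counter is keyed on the account, the lockout also applies to the legitimate owner while it is active, which is why the early-unlock path matters.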
Comments
You ought to link the original source if you didn't write it.
--
debian,libreelec,openmediavault,ubuntu,windows,arch,lineageOS
zbook/elitebook/rpi3/nexus5_hammerhead
I wrote it.
That said, the two-factor auth shouldn't be the phone from which you access the very content that needs the two-factor.
I have a YubiKey set up, for example. I also have 10 printed security codes in case I need them.
+1
https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-o…
--
"After successfully ignoring Google, FAQ's, the board search and leaving a undecipherable post in the wrong sub-forum don't expect an intelligent reply."
Then I'm relieved that I didn't bet on the wrong horse with Google Authenticator...
--
"I haven't wanted to work for a long time" - HZuid_7086 'iddqd' zoli switches to berserk mode
And that one is also good because it's opt-in.
I was writing negatively about the auto-enabled annoying features.