2FA is the solution to many problems, but is imperfect in some ways itself. It encourages weak passwords, since you've got 2FA to back it up.
My friend Steve Gibson is working on SQRL, as many of you know, which does help a lot with this password mess.
We'll end this thread here, and hope DC goes full SSL when the site is refactored -- which I'm sure he'll do to save money, if nothing else. He's paying way too much as-is. It's just a lot of work, but will be a good learning experience, and he's more than capable.