Its from the perspective that most users are bad at choosing passwords. We've been trying to get the average user to use distinct high entropy passwords for decades and it hasn't worked.
Imo, if people used passwords correctly, all common 2fa solutions other than yubikeys would be useless.
That's from the point of view of somebody trying a denial of service attack target at some user, right?