Re: Once again, a professional company is hacked
There has to be a trade-off between ease of use, convenience and security.
Air-gapped data is secure, but convenient? No.
Time-based 2FA (e.g. Google Authenticator) is probably one of the best compromises, but can be MITM-ed.
SMS-based 2FA can also be MITM-ed.
A hardware (U2F/FIDO) key is probably the most secure, but less convenient to use. And it can be lost...
I think the best option is continuously educating the user, but that is often seen more as a cost than a benefit to the company.