The purpose of security is Not to keep the bad guys out, it's to keep anyone but you out, and multi-factor authentication steps on your privacy while introducing a new and existential chance of you losing access to your own account. But the real problem is that you can Not be secure if a third party who doesn't e know or care what your actual security needs are is in charge of your security.
On top of which, unless someone already had a secure physical life, the physical authentication factor is Only an increased inconvenience, and obfuscation, and thus vulnerability. Those who support increased security by default do not understand security.