The image shows an account of mine and the attempted logins from various countries around the world. It’s more common than you think.

I know that “two-factor extra six digit pin thing” is a pain.

Using MFA for services like your email, banking and password manager (you use one, right?) is not so great a hardship once or twice a day. Consider how valuable a target those services can be. Access to your e-mail allows an attacker to reset your account password!

While the “text code to your phone” is an option, it’s not the best method (due to “sim swap” attacks and the like). Better to use a code generator, preferably one based on a key or other security device. They are easy to pop into a USB port or tap on your phone to garner the login codes.

As far as security goes, convenience often isn’t the best option.

To get to my email I have to type a drive decryption code, my system login password, insert a USB security key (kept on my keychain) and type my mailbox password. Takes seconds.