I don't understand using 2FA for most things. My iCloud has its own 2FA, as it should. That relies on special systems to share keys between my devices. Everything else can use a randomly generated password that my Keychain stores. That's the same level of security as every site using 2FA with my one 2FA app (equally resistant to attackers with password databases and equally fallible to fully compromised sites) but far less of a hassle. If I were in Google's ecosystem, it'd be similar. If I want to switch ecosystems, I can export my passwords.