Re: Stale old creds...
SMS 2FA is in some ways the equivalent of 'security through obscurity'.
Because yes, 'security through obscurity' actually works just fucking great for most people.
Sure, it's of very little use to a targeted attack, but most people aren't subject to targetted attacks, instead it's just the random drive-by attacks, like the one in TFA.
If your device is just that little bit out of the ordinary, say your ssh is on port 2222, you're going to be avoiding a lot of the random port scanning for vulnerabilities that might be a problem anyway.