All 2FA is security theater. All 2FA in use today is normally just 1FA pretending to be 2FA. If I have your phone, then I have everything I need to login. That's 1 factor. 2FA is only 2FA if the physical device ownership requirement does not have access to use the thing being accessed. Why? Because you store passwords on that device. That device has your password. If I have the device, I have your password. You would have to use no auto-fill and memorize your passwords so that the physical device does not have your password in it. The point is, if I get one factor, I don't have the other. But in reality, our physical devices can access the thing we want, and therefore you likely store your credentials on that device.
This happened to my friend too. He was arguing for a new modem. They said no there was no problem. So he replaced it with a non-comcast modem and poof max speed.