Google didn't introduce 2FA for no reason. While Google does lots of things for reasons I don't like, 2FA was most definitely introduced for valid reasons, which could easily result in a problem as bad (or worse) than the one the librarian is discussing.
The IRS recently had a problem with people using their online access tools to get other people's refund. Insufficient security on authentication can easily be as bad or worse than 2FA.
The IRS recently had a problem with people using their online access tools to get other people's refund. Insufficient security on authentication can easily be as bad or worse than 2FA.