2FA helps people who have terrible security but harms those who have good security.

If your device is not compromised, then the only way to break into the account is getting the password. This is only possible in these cases:

* You don't use a password manager and type the password every time, and some camera in public sees you typing it

* You use the same password on multiple services and one of them is hacked

* The service has a data leak and your password is weak

* The service has a data leak and they don't store the password properly

* The service is compromised and you enter the password at the time

As you see, except for the last two, you can prevent these. In case of either of the last two you're already screwed and 2FA doesn't help.

If your device is compromised, then the attacker will just wait for you to log in and use your logged-in device to do the harmful actions he wants in the background, without having to use 2FA or a password.

And even if you can specifically 2FA "more harmful" actions, which would be a good idea, nobody actually does it in a meaningful way. The other device doesn't show you what you're actually confirming, only that you're confirming something. For instance, you might think you're confirming a permission change when you're actually confirming account deletion.
