I always click NO to these, that's full human error. edit: The underlying issue is that they send a 2FA before asking for a password at all.