Personally, it is exhausting to do the double, triple, quadruple, bioauthentication on numerous services, utilities, etc...
And the provider, service company, utility, etc... just give up the whole list. These people don't need to hack into accounts, they just need to hack into the server.