As with many things, cybersecurity involves a trade-off between security and convenience.
I encounter this most frequently when I demand advise a client to enforce the use of Multi-Factor Authentication (aka MFA; 2FA; Two Factor Authentication) on their IT systems.
The pushback usually relates to the inconvenience of having to enter a security code as well as a password.
It is sooo much more convenient to just enter a password.
So What?
What’s convenient for you is also convenient for the bad guys.
If you insist on using only a password to secure your systems, you are on a voyage in dangerous waters.
You may survive.
But is it worth the risk?