Do we have any data on the effectiveness of 2FA?

Is it all to make people THINK their accounts are secure?

Yes, if someone has either (i) hacked my account UID and password and my email password, or (ii) hacked my account UID and password AND stolen my phone AND opened my phone, they can get at my accounts, if I'm not aware of the hack/theft and have not changed my passwords. To be sure, that can happen. But it's harder than just stealing the UID and PW.

Many of my 2FA accounts allow me to put a cookie on my browser so that I only have to do 2FA from that browser once. Others, particularly financial sites, want 2FA every time. It's annoying, but I believe it makes the cost of hacking prohibitive for a lot of would-be thieves. Contrary data would convince me otherwise.