It is, and by 2FA I mean two-factor authentication and, by extension, Multi-Factor Authentication.
I wrote about the tension between Digital Sovereignty and 2FA in "2FA or not 2FA" and in "Loss of Digital Sovereignty via Multi-Factor Authentication".
What I could imagine as a solution is an EU-mandated user-facing authentication scheme that requires only a random string, pretty much like the API keys of today's enterprise software. The likes of Slack, Salesforce, or Workday all have such APIs, but they are now used almost exclusively by application developers, not end users.
Passkeys could have been a solution, but they were rendered useless if not harmful by the industry.
Things changed with recent AI advances, though. Anyone, not just programmers, can write AI skills that integrate API access to one of those providers into their AI workflow, so that their chat becomes the only interface to the world. 2FA will first be used to get the tokens, but later, given its minimal traffic and importance, it will be replaced by simpler workflows, e.g. one-time tokens sent by email or, in the case of critical services, by digital IDs.
To prove my point, IKEA, the staple of usability, recently switched from a username/password combo to email OTP, skipping the 2FA hurdles entirely.
2FA is dead, AI killed it.