Password managers and 2FA mostly solve the problem of credential stuffing but unfortunately millions of people still don't use it. 2FA is actually pretty good unless your account is a high profile account then bad actors might try to SIM swap[0] you and hijack your mobile phone number and essentially bypass 2FA. But there are others ways of 2FA too.
[0] https://en.wikipedia.org/wiki/SIM_swap_scam