Part of this is the theory if one is compromised the other is less likely.

Think of this, a data breach exposed emails and passwords, they then know how to log in to that platform. A lot of people use a common password so that person could be more likely to get into that email with the same password.

If the 2FA is by another system, SMS, that would require the physical phone, much less likeky to intercept without more info.