The problem with the active key is that its security makes it easy for people to misuse. Nobody can remember a random alphanumeric string of that length, so they would have to write it down somewhere, or more likely, copy and paste it somewhere. Depending on where they copy-pasted it (on their desktop), they might have set themselves up to have their account compromised.

I prefer 2FA + password because I can remember the password.

I don't think it would be a bad idea to enable 2FA on certain actions, for example, transferring STEEM/SBD would require 2FA, but you could continue posting and upvoting for the duration of your current session. However, you log out of your account completely, you would need 2FA to log back in.

In any case, I'm not proposing that 2FA be mandatory for anyone. However, it would be a great feature for those of us who are willing to take the trade-off of a little extra hassle for extra account security.

I hadn't appreciated until recently how much money people are keeping in their wallets on steemit. As this information is publicly available, it puts a target on your back to have your account compromised.