How can 2FA help prevent formjacking?

Question

This article by Avira (part of NortonLifeLock) claims that 2FA (2-Factor Authentication) may be sufficient to protect against formjacking:

Enable 2-Factor Authentication: Create strong and complex passwords to protect all your accounts. If possible, configure 2-factor authentication, as this may be enough to protect you from a formjacking attack.

How can 2FA protect against formjacking? If either device involved in a transaction is compromised with formjacking code, it seems like 2FA will be irrelevant.

Answer 1

It doesn't protect you against form-jacking, it protects you against someone gaining access to your account despite form-jacking.

Most 2FA mechanisms utilize a native apps containing a secret to generate time-based one-time passwords (continuously replacing text messages). These TOTPs work completely offline, making form-jacking virtually impossible (which is already quite difficult to pull of native apps).