I've got a question I haven't been able to find an answer to: if two-factor authentication is set up, is it still as necessary to change the password? I get that it's a good idea anyway, but I'm just curious if the risk is the same or if two-factor mitigates a lot of it.