If a cloud-based system doesn't support technologies that deter social engineering, it's still a problem. Some login portals to check your credit history don't even support 2FA.

So I think it matters, I think access systems should be designed with a wider set of human behaviors in mind, and there should be technical hurdles to leaking a majority of customers' personal information.