Tokenization is not new. We’ve been doing tokenization with Kerberos for decades. 2FA is really taking off with key providers out there everywhere, but the setup is very specific and requires maintenance to prevent outages and issues. With OAuth, OATH, and FIDO, there are many different standards, but they all work generally the same way. It’s still only a second factor. Passwords are still somewhat at play unless you’re going passwordless like so many large corporations.
My advice to prevent these breaches from impacting you: get a password management utility such as KeePass. Keep it local if you can. If it’s in the cloud, it can be stolen and brute forced. If you use KeePass, get a YubiKey, secure it with a certificate or OTP, and have a different, 20+ character password for EVERYTHING. Never reuse passwords. Ever. That’s why these breaches are so terrible.
It’s definitely not new. But it’s spent most of its life as an open secret. OAuth has been around for ages, but nobody outside ‘nix world cared until a couple of years ago. Then MS started talking about it. Now it’s spreading like kudzu.