@GossiTheDog
It still provides a layer of security, provided the threat actor isn't one of the governments Microsoft cooperates with, can't hack Microsoft's servers, can't impersonate law enforcement, and can't hack your Microsoft account (if I recall correctly, getting a recovery key requires password + SMS token, both of which are easy to steal).
In other words, a lock made of papier-mâché.