A password is a factor of authentication, so by definition is 1FA. Any service which allows access to the account through social engineering could be labeled as having less than 1FA.

If an attacker could access your account without knowing any of your secrets, then it's really 0FA.