We will end up with a situation where all interactions with computers (remote systems), including email, will need an initial step to pair/exchange keys, much like ssh. So when the bank wants to send me email, they can only do so if they have my public key. We should try to make this as frictionless as possible. Or, we generate semi-random email addresses that are short-lived, so that each company I interact with get their own unguesable email address.

Either way, we are getting to a point where offline-2FA will be mandatory for all auth systems and when interacting with another party, it will need something like the above to be sure you are dealing with the correct company.