Indeed. Since we started from scratch we were very careful about what goes in and what doesn't. Not trying to be ignorant regarding 2FA, but rather always prefer to hear the actual reasons.

Nevertheless, thank you guys for all the suggestions, we will work to get 2FA in ASAP.

Would it be possible to consider adding security keys as a second factor of authentication? For example a Yubikey[1].

It's slowly being adopted by major players, Google, Github and LastPass to name a few.

[1] https://developers.yubico.com/

If they use a 2FA service like authy, this kind of support is often built in. I don't know what these devs have in store for 2FA though.

Yes please consider Authy, they make it especially easy to do 2FA as a user.

https://www.authy.com/developers