They do, I use a yubikey and it requires me to authenticate with it whenever I publish. They do support weaker 2fa methods as well, but you can choose.

If my grandma had wheels she'd be a bike. You don't need to attack the problem from only one angle.

Your grandma is a bike then. The 2fa is going to solve nothing and any attacker worth their salt knows it.

unphishable 2fa would have prevented this specific case tho... what are you talking about?