No, trust me, I do know! There are ways to do 2FA without a phone or second internet-enabled device (that's part of why we haven't figured out how we want to offer it yet, because there are a lot of bad 2FA implementations out there) but mandatory 2FA makes no sense unless you're storing high risk information like health records, prescribing details, or financial information. The reason for us to add optional 2FA would be for another layer of security for people like journalists, activists, or people with domestic abuse or an ex who keeps trying to get into their account: it offers more protection than a password alone, but in addition to the people who can't use it for whatever reason, it's an added layer of annoyance when logging in even if you knew for certain that you are a higher value target. There's absolutely no reason for us to make it mandatory.