My main concern is how the 2fa, assuming it is a temporary code good for only minutes, would be sent out for accounts that DO log in from different IPs and geographic locations. Just because no one here does that, does not mean it never legitimately happens. Some people have more complicated RL lives and travel and work elsewhere beside home, and need a reliable 2fa method that includes them.
When you are given options for a 2fa method of contact, LL should allow at least 4 telephone numbers, portable or fixed for voice and/or SMS text. They should also allow at least 2 email accounts for verification. You can not always couple and forward e-mail accounts. And they should always allow multiple IP's, with 2fa triggered only when the IP changes as mentioned earlier.
When a menu pops up when you try to log in, or buy Lindens, it should have check off boxes on the different ways to notify you, and these can be changed within your selected 2fa methods at any time. This is already standard with many financial institutions, before you log in from a new IP, or a new computer (eg different cookie stored). Of course this will be a few extra steps and many will complain, or get locked out of their account. LL should be prepared to increase their support staff to help locked out residents. At the present time, if you have any support problem after about 5pm slt Friday until 7am slt Monday, you are SOL. So this is not so simple as some think it is to implement fairly...