As another commenter said above, email security is crucial given the number of sites and services that rely on email for password resets.

I can't imagine switching to an email provider that didn't use 2FA for that very reason.

Second that.

For me personally, my email is a kingpin of my online presence. Gaining access to my email would provide overridable access to a good portion of my online accounts. Not to mention if my email was hacked by a bad actor, my identity could easily be stolen with all the emails I keep in my archives.

A motivation to Migadu as a service would be the ability to attract more enterprise customers. I know that at my company, MFA is required for all email accounts. Offering MFA would be very attractive to companies wanting to move their email over to Migadu.

For example Podesta's emails would have never been accessed and sent to Wikileaks if he had been using it. Despite his password having been compromised. Not everyone uses this feature but those who do feel it is really important.

I think the benefits of two factor authentication are pretty obvious.

Indeed. Since we started from scratch we were very careful about what goes in and what doesn't. Not trying to be ignorant regarding 2FA, but rather always prefer to hear the actual reasons.

Nevertheless, thank you guys for all the suggestions, we will work to get 2FA in ASAP.

Would it be possible to consider adding security keys as a second factor of authentication? For example a Yubikey[1].

It's slowly being adopted by major players, Google, Github and LastPass to name a few.

[1] https://developers.yubico.com/

If they use a 2FA service like authy, this kind of support is often built in. I don't know what these devs have in store for 2FA though.

Yes please consider Authy, they make it especially easy to do 2FA as a user.

https://www.authy.com/developers

Just support federation from something like Okta and 2fa is taken care of