There’s an existing feature suggestion discussing an option to enforce 2FA for shared users in order to access a server. This suggestion is going back some time and isn’t immediately linked to today’s incident – I suppose therefore it hasn’t gotten all that much attention (and votes).
If this is basically what you’re looking for, I suggest you comment/vote in that thread in order to avoid distracting or cannibalizing votes.
