If you're building an API which needs a high-security level, it can be very useful to use a 2FA. We could pretty easily support two-factor authentication using the current implementation of the Users & Permissions plugin.
For more details, please see https://github.com/strapi/strapi/issues/786