User blog comment:DaNASCAT/Technical Update: October 7, 2015/@comment-25648422-20151008205844/@comment--20151009173908

To be clear, we are interested in 2FA, but we see it as not as crucial as Helios (and eventual SSL login) along with the JavaScript review process. Those are the two main security vectors we are trying to address now. 2FA would be nice on top of that.