2FA gives the user another layer of security, which should most certainly be used. With 2FA eg. transactions are only possible if a second authentication is provided. Commonly used are PIN sent via sms (which are vulnerable to social engineering) and apps like Google Authenticator, Authy or Lastpass for PIN creation. Here, the platform and smartphone are synced through and every 30 seconds a new PIN is created through a mnemonic seed. As with the private key the seed should always be printed for backup. If the phone is lost, the new phone can easily be synced again through the backup seed.