The security advice I give clients is here:
Two Factor Authentication is a very powerful feature. There are ways to effectively get it: obviously password reset email accounts which have TFA help a lot.
Xero, however, will offer it soon and this will raise the visibility of this really important feature. I request that Dear offer it as well.