It still puzzles me why the Common Application and MyCoalition don't support two-factor authentication when almost everything else is adding support for 2FA.