Something like 2FA will come but it has to be done in a way that won't annoy anyone. For most people MG is just a database to dragdrop modules around, they won't like to give away their mobile phone numbers or fumble around with 3rd party authenticator apps.
I totally get that, a user friendly platform is very important. Better password requirements unfortunately have been proven to often not be effective, because complexity results in users either forgetting their password or recycling their password frequently.
My take would be to require 2FA only for users who intend to sell on MG. This is a common requirement for any modern marketplace platform and I don't think it would be out of place for MG to also enforce this.