Whilst the recent enforcement of 2FA (via email) is a welcome addition to the security of High-Level, email based 2FA is unfortunately one of the least secure 2FA methods.
So, please add more 2FA options.
Including at a minimum TOTP codes (a global standard) that people can use through whatever TOTP App they use.
(E.g. Authy, Duo, Google Authenticator, Microsoft Authenticator etc).
And at the same time, please:
  1. Allow an agency to select what 2FA options they will allow to be used across their clients.
  2. Allow Admins of a sub-account to also have this level of functionality to select what 2FA options users in their Sub-Account can use IF the Agency gives it to them.