It's non-trivial to do so because the only way the chain currently verifies a transaction's validity is by checking the digital signatures on the tx. While creating a 2FA mechanism for transfers on the steemit.com frontend interface would be easy it would in no way thwart an attacker who got control of an accounts private keys (they could just import the keys into cli_wallet and empty an account that way), without major changes to the backend. In order for a meaningful improvement in security, 2FA capability would have to be baked in to the STEEM blockchain. It's possible we'll see the addition of such a feature in a future hardfork someday.
IMO, hardware wallet support would do considerably more to ensure safety of high value accounts. I'm hoping
that once the BitShares Munich devs finish coding Ledger support for BTS it might get ported to STEEM.
In the meantime what you can do is only perform transfer operations from a trusted device. On all other devices, log in with your posting private key in WIF format, rather than your password. It's also best practice to log in to various applications built on STEEM (ie. ChainBB for STEEM) with your posting private key, rather than your password.