Your password/keys are never sent to the server, they give direct access to your account on the blockchain. So classic 2FA will not work.
Someone could create a service using multisig functionality, but that's a lot of work.
Right now it's recommended to change the owner key and have that in cold storage. When another key gets compromised you can always change it using the owner key.