I spend a lot of time telling people to use two-factor authentication on their important web accounts. This may explain why I don’t get invited to parties.
While using 2FA is a great idea, there is one issue which you (and your employees) should be aware of.
If your 2FA solution relies on text messages to deliver its one-time passcodes, it may be vulnerable to “mobile number port out” scams. This article from the always informative Brian Krebs explains the mechanics of this.
The solution? If a site offers the choice between using text messages and an authenticator app, choose the app. If you have to use text-based authentication, make sure that your mobile phone account is protected against porting with a PIN or password.