Agnès Haasser just gave a great overview of 2FA and strong user authentication in Django.
She showed how to use it, what options you have and where the shortfalls are. (The included texts aren't always user friendly and you have to account for time offset/drift of hardware timed code generators in corporate environments)
Benedikt really liked this talk and recommends watching it again when the recordings are released.