So I posted a little notice advising users to use two-step authentication. Since then, customer service NIGHTMARE. If your users are savvy enough to use two-step, they'll do it on their own. The other folks have NO IDEA how the process works and will start all manner of threads complaining about it. Just FYI.