Reply to post: Re: Email != Webmail

UK Parliament hack: Really, a brute-force attack? Really?

coconuthead

Re: Email != Webmail

It doesn't matter if there's no 2FA support in your IMAP/POP client, because 2FA systems typically require an "application password" for those clients that is automatically generated and then copied into the client's configuration. Because the user doesn't get to choose the application password, if properly implemented it will never be weak. Because it can be invalidated or reset from the server without affecting the master password/2FA pair, the user doesn't even need to know what it is or record it.

This isn't theory: the paid email service I use works exactly like this. And, it isn't Gmail, but I believe that works the same way.
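The application-password scheme described in the comment above, as an added sketch that is not part of the original comment and not any provider's code. The class, method, account and label names are hypothetical; it shows a server-generated secret, a digest stored at rest, and per-client revocation that leaves other credentials alone.

```python
import hashlib
import hmac
import secrets


class AppPasswordStore:
    """Toy server-side store for application passwords (hypothetical names)."""

    def __init__(self):
        # account -> {client label: SHA-256 digest of that client's password}
        self._digests = {}

    def issue(self, account, label):
        # The server picks the value: 16 random bytes = 128 bits of entropy,
        # so there is no weak, user-chosen password to guess.
        token = secrets.token_urlsafe(16)
        # A fast hash is acceptable only because the input is random and
        # high-entropy; a user-chosen master password needs a slow KDF.
        digest = hashlib.sha256(token.encode()).digest()
        self._digests.setdefault(account, {})[label] = digest
        return token  # shown once, then pasted into the IMAP/POP client

    def verify(self, account, presented):
        """Return the label of the matching client, or None."""
        digest = hashlib.sha256(presented.encode()).digest()
        match = None
        for label, stored in self._digests.get(account, {}).items():
            if hmac.compare_digest(stored, digest):  # constant-time compare
                match = label
        return match

    def revoke(self, account, label):
        # Removes one client's credential; the master password/2FA pair and
        # the other clients' application passwords are not touched.
        return self._digests.get(account, {}).pop(label, None) is not None


if __name__ == "__main__":
    store = AppPasswordStore()
    laptop = store.issue("alice", "laptop-imap")   # constructed sample account
    phone = store.issue("alice", "phone-pop")
    print(store.verify("alice", laptop))           # laptop-imap
    store.revoke("alice", "laptop-imap")
    print(store.verify("alice", laptop))           # None: revoked
    print(store.verify("alice", phone))            # phone-pop: unaffected
```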
