It's 2020, and username and password is well known to be easily circumvented. The process for using Hosted is to log into hosted with username and password, and then open file using username and password. Users will naturally want to make those 2 passwords the same.
It is likley we will add this in the next 6 months although we maintain that the majority of our users do not want 2FA / MFA as per our surveys in late 2019.
We would like to add as optional only, however that is unlikely due to complexity. What we don't want however is to add MFA and then have an overwhelming response to remove it as that will not be possible once we commit.
In the coming months we'll be running in-product surveys to gauge user feedback at a more granular level rather than lack of votes for this idea across thousands of users.
Please also note that MFA is not mandatory for business accounting software by any government legislation in the 3 countries we operate. There are exceptions around STP and 3rd-party add-ons over a specific number, however we are compliant where these exist such as MFA in our GovConnect product.