2-factor doesn't prevent your code from being swiss cheese, though. It helps prevent attacks on authentication. If you have a valid user, they can hammer on your swiss cheese code all day and eventually expose your database or worse.