Enforce use of secure 2FA across Jupyter's orgs

[consideRatio]

We have resolved #93, but there is a more stringent requirement that requires non-SMS based 2FA, as SMS based 2FA isn't as secure as one may think (see https://www.youtube.com/watch?v=wVyu7NB7W6Y for example).

We should work towards this, right?

[manics]

Maybe selectively require it, e.g. for organisation owners, and perhaps some privileged roles, only?