Is enabling Two-Factor Authentication (2FA) a recommended step?