I enable 2-Factor Authentication on all my clients’ websites. I use it in all my own personal websites.
Admittedly, it is a pain to use: Midway through the login process I have to grab my iPhone, bring up the Google Authenticator App, look up the site and copy the 6-digit code. Sometimes my iPhone is in the other room and I have to go get it. Sometimes I first need to login to my web hosting dashboard first, with means I have to do a second 2FA authentication.
Also, right now I’m about to buy a new iPhone and so I’m making sure that all the Google Authenticator stuff will transfer to the new phone.
While 2FA adds a layer of ‘nuisance’, it is worth it. 2FA makes it virtually impossible for someone to brute-force their way into any of your accounts.