2. A password crack can result in them losing a significant amount of money, and
3. This happens often enough that it offsets the userbase losses of 2FA
If your user accounts are important enough to let them lose a large amount of money, your users are probably demanding better security from you already. The real blocker to 2FA are services which rely on being convenient, and make money off their users being users e.g. social media.
1. Your profits come directly from your users
2. A password crack can result in them losing a significant amount of money, and
3. This happens often enough that it offsets the userbase losses of 2FA
If your user accounts are important enough to let them lose a large amount of money, your users are probably demanding better security from you already. The real blocker to 2FA are services which rely on being convenient, and make money off their users being users e.g. social media.