You have to understand that there’s a lot going on under the hood here, and most of it doesn’t involve interactive users. I don’t know how one would implement 2FA between, say, a contact sensor and a hub. Would you force it to renew with a new auth code every 30 days? What happens when you have 100 devices on the network (not at all unusual in a larger house)?
2FA is a good idea for user authentication, but not such a great idea for device-to-device communication. Also, Authy as a 2FA solution always seemed… odd to me. If one of your authenticators is in the cloud, isn’t that a risk in itself? I strongly prefer something like Google auth where a key exchange happens and your device holds the only copy of your key.