Thanks for the tag, JD.
You have to keep things in perspective @plboucher. While the statistical likelihood of an individual or mass attack on SmartThings Accounts is impossible to calculate, it is much less likely than attacks on bank accounts and social media accounts. Many of those offer 2FA; but even then, the overwhelming majority of users do not voluntarily activate 2FA or similar options!
Out of thousands and thousands of ActionTiles Customers, only about 5 have ever requested a 2FA feature. ActionTiles’s scope is smaller than the SmartThings App, but still can offer access to Locks, Alarm State, etc… We have protections against brute force login attempts and known serious vulnerabilities, but nothing else is desired by any Customer except a fraction of a percentage.
Security is a personal matter. Personally, I’m not worried. Professionally - we prioritize based on customer interest. I’m sure SmartThings does the same - you can ask them at Support@SmartThings.com