Company:
Date Published:
Author: Kelley Robinson
Word count: 774
Language: English
Hacker News points: 2

Summary

Email-based 2-factor authentication (2FA) is a viable option for protecting user accounts from brute-force attacks, credential stuffing, and phishing. While it's not foolproof, email 2FA can provide an additional layer of security when used alongside more secure channels like Time-Based One-Time Passwords (TOTP). Its main benefit is reducing the risk of account takeover for users whose first factor was compromised through brute-forced or guessed passwords, credential stuffing, or phishing. However, email 2FA may not protect against a password reset performed via email, which leaves users vulnerable if their email account itself is compromised. Nevertheless, services like Gmail encourage security checkups to mitigate this risk. By integrating email 2FA with APIs like Twilio's Verify API, developers can provide users with a convenient and secure way to verify their accounts.