Users that do not have a second factor configured for their account should be reminded of the fact they should, or even must, configure a second authentication factor.
For external, third-party based authentication, such as Twitter, Google or Facebook, the second factor can be a passphrase, a smartphone with FreeOTP installed, or a phone number eligible to receive text messages.
For 'internal' accounts (where we hold the username and password), this can be a smartphone with FreeOTP installed, or a phone number eligible to receive text messages.