At DropSecure, we have made MFA as our top most priority and we provide MFA even for unregistered users. All links are by default protected by MFA so only the intended recipient can access the link and no one else. It is also important to know that not all MFA are same. MFA has to be a second factor, which means if you are getting a link by email, it’s best for MFA to be sent to a device other than email and the preferred choice has become SMS to mobile.
With recent events though, it turns out that SMS can be easily hacked. The next best secure option without needing any additional hardware is TOTP (Time-based OTP) authenticator. At DropSecure the authenticator is our preferred option for MFA and we will keep working on educating our clients about the safest way to set up a second factor. Do remember that, given some of the vulnerabilities of a second factor, it is still far more secure to have a second factor vs none.