On the O3 desktop client, it asks for a passphrase.
On the O3 mobile app, it asks for your pin code.
IMO there should be a second prompt [on the client/app respectively] to input the Google 2FA code.
Always makes me feel safer 
1 Like
I agree nothing like 2A