I will suggest not to bother user to confirm their identity with Two-Factor Auth every time when they want to log in!
On the other hand, you may perform a basis check of IP address when they login. Assuming that you store login IP Addresses history, you may compare locations! If once the login IP is from Kazakhstan and the user is from USA, and he usually login from USA, then you may push Two-Factor Auto to confirm his identity.
You can also push T-F Auth on big orders.
I am over critical thinking. It is like checking everyday if gravity works!
Anyway, dedicated servers here: 1way.pro