Two-factor authentication is not possible with a decentralized app like MetaMask. We do not hold your keys. You do. So there is nothing to authenticate.
Related to Security Key support: What you describe is a hardware wallet. MetaMask integrates with Ledger and Trezor.