I don't see any of the 2FA options on Special:Preferences#mw-prefsection-echo, but I do see "Login from an unfamiliar device" (for example) from MediaWiki-extensions-LoginNotify
Something relating to OATHAuth not setting anything for $wgNotifyTypeAvailabilityByCategory? And/or reusing 'category' => 'system'?
It's unclear where/how users currently get notified of these (just on Web? Email too?), which is even more relevant with the case of T131788: Users should be notified when only two recovery codes are left, T353962: Add new notifications for additional 2FA being enabled/disabled...