That's the way, using strong passwords and changing the password with or without any hack periodically...
Why bitcointalk don't use a 2FA? It would be nice for security
Because it is forum based on old software in times when no one even heard about 2FA?
And new forum software which will probably use 2FA functionality is in development for couple years already.
So there is very little reason to waste time and effort to update current version of Forum with new features.
2FA is unnecessary to a forum, we use 2FA on cash or crypto coin related accounts, such as trading site accounts, dark market place site accounts.
If the database of bitcointalk is leaked, 2FA wouldn't work because our passwords are compromised. Hackers can try your passwords on other bitcoin sites, try to steal our money. They know analyze the passwords using social engineering knowledge.