If possible, theymos should grant the ability for bpip.org to detect changes to 2FA/OTP on an account, to eliminate this new possibility for account traders.
2FA is a security function, it might not be easy and advisable playing around it.
Anyone who is buying an account without changing the email or changing the password, it is already a big risk on the side of the person if you ask me. So, there'll be no need trying to stress ourselves.
Besides, account sell is not illegal, so theymos is not going to stress himself because he wants to prevent account selling.