Well, if you use a password manager such as bitwarden you can store your 2FA one ctrl-v away. Even if this is a less secure setup, that still prevents someone eavesdropping on your password from reusing it.

Why would you not want to use 2FA?

Of course. I was referring to the non-self-hosted solution.

My bad indeed, I thought Lemmy supported OAuth but I was confused with Mastodon. Hopefully someone contributes a OAuth/OIDC solution soon.

Why do you ask for the user password rather than using oauth to access the user account? This looks highly suspicious, websites should never do that.