Since a 2FA token isn't based on public key cryptography, there would have to be some trusted party that verified the 2FA token. So as far as we know, it can't be done by a public blockchain itself. You can use multisign and have one of the private keys held by a private party that only signs transactions if they have received a verified 2FA token.
But really your question doesn't make sense. What does 2FA do that a private key doesn't do? Arguably, a private key is even better than 2FA because you can arrange it so that nobody else knows the private key whereas with 2FA, everyone who verifies the 2FA must know the secret.
We use 2FA where private keys are impractical. It's vastly inferior because everyone who verifies must know the secret. We want only the one authorized to authenticate to know the secret and private keys give us this.
yea for a sms to be sent would require a 3rd party. but how would one integrate a google authenticator key that generates a different key every 30 seconds into a public blockchain? wouldn't the 2fa seed key to generate these keys be publicly viewable on the blockchain too? – Patoshi パトシ – 2016-12-23T19:52:50.647
3Instead of 2FA, literally use a phone wallet as a second signer in multisig. If your phone is secure enough to store a Google Authenticator secret, it's certainly secure enough to store a Bitcoin private key. – Pieter Wuille – 2016-12-23T21:22:52.163