There's StartPasswordCheck too. Check out lib/authenticationplugin.php and for example the plugin AuthCrypt (default password management) to see how you can do stuff.

Essentially, make a 2FA plugin that extends AuthenticationPlugin, and then in the event handler onStartCheckPassword do whatever you need to do to check the 2FA stuff.

You might have to fiddle with it being 'authoritative' though, assuming it uses the same password as would be accepted without a second factor in AuthCryptPlugin.