Yes we use OAUTH2 and this is 1) more secure than passwords to begin with 2) supports two-factor.
It does not support "advanced multifactor" that only Gmail app supports (I'm not sure of the exact name, but it's not "just two factor" it's some yet another thing that Google has.... this is a limitation on Google's side).
Re: this is a gateway to my emails for any hacker to access them. Is this correct
Two factor or not, "any hacker to access them" is blatantly *not* correct.
Re: @Kostya Would be useful to be able to link to specific questions
Yeah, filed with web development team, hope they get to this sooner or later...