There is a plugin for Roundcube Login that makes 2FA possible. I did not test it in the current release because when i installed it wrong i can not login anymore when the plugin is still active. The solution would be removing the part of the database but i lack in knowlede how to make it practical. At least we could make some small progress for the web interface