The negative consequences which could be terms of money and other parameters could not be estimated as it depends upon the type of breach and the intention of performing such malicious activity. Admin panel of Magento is a gateway to all the configurations and important information about your website and business and hence it becomes inevitable to protect it.
2 Factor Authentication is an excellent way to add an additional layer of security along with the username and password of your Magento 2 Admin Panel. Once you enable the 2 Factor Authentication, your admin panel login process would involve 2 steps:
Step 1: You would have to enter your username and password.
Step 2: You will have to get authorized by passing the Google Authenticator QR code scanning process.
To Configure 2 Factor Authentication for your Magento 2 store,
1. Login to your Magento 2 Admin Panel.
2. Navigate to Stores -> Configuration.
3. Open up the Security tab and click on the 2FA menu item.
4. Open the General Group and set the "Enable Two Factor Auth" to Yes.
5. On the "Force providers", uncheck the "Use system value" and select the Google Authenticator option. This would force all your admin panel users to use the Google Authenticator option for authorization to the Admin Panel.
6. Open the "Google Authenticator" group and set the "Enable this provider" option to "Yes".
7. You can set the Enable "trust this device" option to Yes if you would like to have your user not get validated each time they try to login and in each device that they try to login. You can set this option to No and they will get validated every time they login and in every device that they try to login.
8. If you would like to choose some other providers like Authy, Duo Security, etc for Authentication, you can open up the respective provider section and configure your settings.
9. Once you have enable 2FA and enabled Google Authenticator and click on the Save Config button, you will be displayed with a QR code to scan using your authenticator app and you would need to enter the Authenticator code to confirm.
10. If you would like to have different authentication method for each of your admin users, then you can leave the "Force providers" option without choosing any value and you can select the authentication method for each admin user by navigating to System -> All Users, click on any one of the user and click on the 2FA tab on the left.