2FA
Stop using Google for QR codes.
The whole idea is great, but in the plugin's current state, no one should use it.
Why would you use Google to generate QR codes? That defeats the entire purpose of 2FA by sharing your secret with a third party, and also it's probably slower than making a QR code locally. Try zxing instead. Here's a tutorial. (Edit: found this)
Also, advising people with perms to use 2FA is not enough. Server owners should require their admins to use 2FA. If you trust them enough to give them perms, you probably trust them not to share their password with anyone. So, in case someone somehow manages to get their passwords, requiring every admin to use 2FA might save the server. (Or at least having an option to require all admins to use 2FA.)
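The local approach the review asks for, as an added example that is not the plugin's own code or the reviewer's: the TOTP secret is generated and rendered to a QR image in-process with ZXing, so it never appears in a request to a third party. It assumes Java 10+ with the ZXing `core` and `javase` artifacts on the classpath; the class name, issuer and account values are constructed for illustration.

```java
import com.google.zxing.BarcodeFormat;
import com.google.zxing.WriterException;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.google.zxing.common.BitMatrix;
import com.google.zxing.qrcode.QRCodeWriter;
import java.awt.image.BufferedImage;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public final class LocalTotpQr {  // hypothetical class name
    private static final String B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

    // 160-bit secret from a CSPRNG, Base32-encoded (20 bytes -> 32 chars, no padding).
    static String newSecret() {
        byte[] raw = new byte[20];
        new SecureRandom().nextBytes(raw);
        StringBuilder out = new StringBuilder();
        int buffer = 0, bits = 0;
        for (byte b : raw) {
            buffer = (buffer << 8) | (b & 0xFF);
            bits += 8;
            while (bits >= 5) {
                out.append(B32.charAt((buffer >> (bits - 5)) & 31));
                bits -= 5;
            }
        }
        return out.toString();
    }

    // otpauth:// URI as read by authenticator apps. Anything that renders this
    // string sees the secret, which is why it must not go to a remote QR service.
    static String otpauthUri(String issuer, String account, String secret) {
        String i = enc(issuer), a = enc(account);
        return "otpauth://totp/" + i + ":" + a + "?secret=" + secret + "&issuer=" + i;
    }

    // URLEncoder writes spaces as '+'; a URI needs %20.
    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Encode the URI as a QR code locally; no network access is involved.
    static BufferedImage qr(String uri, int size) throws WriterException {
        BitMatrix m = new QRCodeWriter().encode(uri, BarcodeFormat.QR_CODE, size, size);
        return MatrixToImageWriter.toBufferedImage(m);
    }

    public static void main(String[] args) throws WriterException {
        // "ExampleServer" and "admin_player" are constructed sample values.
        BufferedImage img = qr(otpauthUri("ExampleServer", "admin_player", newSecret()), 128);
        System.out.println("QR rendered locally: " + img.getWidth() + "x" + img.getHeight());
    }
}
```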