Don't use 2-Factor-Authentication

I'm sorry, but this post is misinformed.  2-Factor-Authentication, or any Multi-Factor-Authentication, is inherently more secure than Single-Factor-Authentication.  Why?  It takes more steps to be able to login.  Even if a company were to improperly implement 2-Factor-Authentication, you would still have to know the password, so it would be no less secure than a web service that only offered Single-Factor-Authentication.

Here's the basic factors that can apply in electronic security:  Something You Know, Something You Have, and Something You Are.

The classic single-factor is just using Something You Know, which is typically a password.  Even if you have multiple pieces of something you know required for login (a password, a SSN, security questions, etc), it's still Single-Factor-Authentication.  This can be defeated if somebody has discovered information about you, either through mishandling of your own credentials, or reusing passwords/other information from a website that has been compromised.

When you add a second factor, you most likely are going to add Something You Have.  This might be receiving a one-time code via text message or email, having a pop-up notification on a phone app require you to accept or deny the login request, a token-code-generator app making time-based one-time passwords, having a registered hardware token that must be connected to the device requesting login, or have a one-time link that you have to click to approve the sign-in.  By adding a second factor, for someone to be able to login to your account, they must have possession of hardware/system that will produce the second verification, as well as knowing your password/other information.  Obviously, this will only be as strong as the security you setup to guard your second factor.  SMS (test message) is the easiest method to compromise, but is still prohibitively difficult enough to only be limited to targeted attacks (you're high profile or high value).  Email is the next easiest method to compromised, but this can be made to be very secure if you're aware of the risks and manage them.  One-time-password generator apps are the next most secure option with very limited attack options.  Hardware tokens are the most secure method, many having no known way to defeat or bypass the token aside from the user being tricked into giving away their token.

SimpliSafe appears to send one-time-use links via email in order to verify new logins.  Knowing this, you want to ensure that the email you use for this is very secure.  The email account I have it set through requires a hardware security token in order to login.  A second token is securely stored in the event of theft or loss of the first token.  There are no other recovery methods, meaning that someone cannot bypass that second factor requirement by having even a lot of information about me.

Something You Are is a relatively uncommon authentication factor at this time.  This may be a fingerprint, a live camera image of your face, a retinal scan, or hypothetically a saliva sample or anything that can be used to read your genetic sequence.  Many phones now allow the use of fingerprint scans and many phones and computers have higher-quality camera systems that can accurately perform depth measurements of your face to use it as a reasonably secure security factor (iPhones, new Windows computers with Windows Hello, etc).

Obviously with these, the more factors you utilize, the more secure a system can be.  As well, the more factors you utilize, the more inconvenient a system will become.  My recommendation is to ALWAYS use unique passwords at every site you visit, and always register the most secure 2-Factor-Authentication method you can utilize.  Remember that your security is only as strong as the weakest link.  For example, if you register for SMS 2-Factor-Authentication AND hardware token 2-Factor-Authentication, someone can bypass your hardware token's high security by compromising your SMS messages (even if your phone itself is very secure).