Two Factor Auth - Brute Force Protection

Hi Team, any plan to implement brute force protection on two factor auth login? Our security testing team discovered that if they stole someone’s user details, they could brute force the two factor auth login… Any plans to implement a lockout after failed attempts?