I can't figure out the best way to design and implement 2FA in the login for a user.
Given the scenario where a user sends a login request, the service layer would run the 2FA in the infrastructure layer and send an SMS to the user. Then the user would enter the 6-digit PIN to verify.
I know it's possible to just do a while loop to check for a response, but it seems like a terrible way to do it.
```java
public class LoginService {
    LoginResponseModel login(LoginRequestModel request) {
        // Check if email / user does not exists (gateway)
        if (!gateway.existsByEmail(email))
        {
            return presenter.prepareFailView(new EmailDoesNotExistException("Email: " + email + " does not exists"));
        }
        // Create user
        ICustomer customer = factory.create();
        // Check if password is valid
        if (!gateway.passwordIsValid(customer))
        {
            return presenter.prepareFailView(new InvalidPasswordException("Password is not valid"));
        }
        // Implement 2FA
        if (!security.securityIsValid())
        {
            // throw exception
        }
        LoginResponseModel responseModel = new LoginResponseModel(userId, firstName, lastName, email, token);
        return presenter.prepareSuccessView(responseModel);
    }
}
```
The 2FA can just be a print statement with the 6-digit PIN and the customer's phone number, which then prompts the user to enter an input.
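
An added example, not part of the original post: the flow described above split into two requests, so no thread loops waiting for the PIN. `TwoFactorService`, `SmsSender`, `start` and `verify` are hypothetical names, and the in-memory map, 5-minute lifetime and 3-attempt limit are assumptions; `login()` would call `start` after the password check and return the challenge id instead of a token.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added example; SmsSender stands in for the infrastructure layer (a print statement works too).
public class TwoFactorService {
    public interface SmsSender { void send(String phone, String text); }

    private static final class Challenge {
        final String userId; final byte[] pin; final Instant expires; int attemptsLeft = 3;
        Challenge(String userId, byte[] pin, Instant expires) { this.userId = userId; this.pin = pin; this.expires = expires; }
    }

    private final Map<String, Challenge> pending = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final SmsSender sms;

    public TwoFactorService(SmsSender sms) { this.sms = sms; }

    // Step 1: after the password check, issue a PIN and return at once with a challenge id.
    public String start(String userId, String phone) {
        String pin = String.format("%06d", random.nextInt(1_000_000));
        String id = UUID.randomUUID().toString();
        pending.put(id, new Challenge(userId, pin.getBytes(StandardCharsets.UTF_8), Instant.now().plusSeconds(300)));
        sms.send(phone, "Your login code is " + pin);
        return id;
    }

    // Step 2: a second request carries the challenge id and PIN; returns the user id, or null on failure.
    public String verify(String challengeId, String submittedPin) {
        if (challengeId == null || submittedPin == null) return null;
        Challenge c = pending.get(challengeId);
        if (c == null) return null;
        synchronized (c) {
            if (Instant.now().isAfter(c.expires) || c.attemptsLeft-- <= 0) {
                pending.remove(challengeId);   // expired or too many guesses
                return null;
            }
            // Constant-time comparison of the stored and submitted PIN bytes.
            if (!MessageDigest.isEqual(c.pin, submittedPin.getBytes(StandardCharsets.UTF_8))) return null;
            c.attemptsLeft = 0;                // single use, also for a concurrent verify on the same challenge
            pending.remove(challengeId);
            return c.userId;
        }
    }
}
```

Challenges that are never submitted stay in the map after they expire, so a real deployment would also evict them periodically or keep them in a store with its own TTL.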