So:

1. You had a billing issue because of something weird YOU are doing (seriously, 8 different cards and none of them work? Sounds fishy to me.)
2. You just went “ignorance is bliss” and hoped it would just go away without ever following up on it.

Yeah, not sure how you can blame Wasabi for this one.

I’ve been using them for over a year with great success. A+ would recommend.

Technitium with block lists + OPNSense ZenArmor as a NGFW. Doesn’t block everything, but still as good as you’re going to get.

Wow, yeah my bad.

Integrate an external authentication mechanism.

Something like JumpCloud (I’m using the free version for now). It offers up SAML that can be used in Cloudflare. You can use it as part of their Zero Trust section. You can set it up such that first a user must enter an email address. If that email address (or domain) isn’t allowed, no go. If it IS allowed, then they are redirected to JumpCloud for authentication/2FA. Only AFTER this are they then redirected to any hosting services.

This may be a little more than what you were asking, but it’s all web-based on the client side, so it would still work with your Android phone.

Otherwise, literally any 2FA app should work.