Because given the rest of the software ecosystem available, maybe 0.01% of their customers would ever use such a feature.

It's way easier to just properly secure website logins with any number of 2FA methods, and rely on good old TLS for your encryption.