People have mentioned that it is only possible to move your money to the linked bank account and that is sufficient for protection. While that is true, a mischievous hacker can still buy garbage instruments and drain your money, even if they may not get a penny of it. Why would they do that? Well, why do vandals exist?
Is it the same two factor authentication factor mechanism that is used for IG ISA account as well? I'm with HL and CSD already and they both have memorable word protection at least, where you only enter some of the letters of that word meaning the probability of someone getting all letters of the memorable word on top of the password is significantly reduced. In some ways that could be even better than 2FA apps like Authy if their recovery passwords are stored in the same place as you store the rest of your passwords.
In any case, I would like IG to support these 2FA apps. It would have made me less hesitant to open an IG ISA.