My credit union offers two factor authentication. Could a Bitcoin exchange do the same? You bet. But they haven't. The fact is that it's easier to find legit and robust exchanges and institutions in USD than BitCoin.
I believe you're correct in that the exchanges don't use two factor authentication. However, my Bitcoin wallet is an online one (yeah, not so secure, but I only do a little bit of mining...less than $50 in there right now) that definitely does use two factor authentication through the Authy app. Quite simple really, and the exchanges should definitely use something like this.