
Why is 2FA impossible if you self host?




IMAP is ancient and on its own does not support 2FA. You could do it with webmail clients but you can’t do it with plain ol’ IMAP. I have seen some attempts at it where the password is concatenated with the TOTP, but the nature of mail clients' frequent polling means users would be constantly hammered with requests to reauthenticate. There is an RFC for OAUTH2 BEARER support and there are even some servers which support it (e.g. Stalwart IIRC); however, there are literally zero clients which support it (AFAIK). And you especially can’t use any of the main top 10 email clients that most people use; there may be some small obscure mail client that supports it, but even Thunderbird lacks support.
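An added example, not part of the comment above: a sketch of the "password concatenated with the TOTP" scheme, showing why a client that stores one password string and reconnects on every poll is rejected once the code's time step has passed. All names, the sample account and the 5-minute poll interval are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DIGITS, STEP = 6, 30  # 6-digit codes, 30-second time step (RFC 6238 defaults)

# Constructed sample account (not real credentials).
SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"hunter2", SALT, 100_000)
SECRET = b"12345678901234567890"  # shared secret from the RFC 6238 test vectors


def totp(secret: bytes, at: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_login(submitted: str, now: int, skew: int = 1) -> bool:
    """Check 'password + TOTP' as it arrives in the single IMAP password field."""
    password, code = submitted[:-DIGITS], submitted[-DIGITS:]
    if not password or not (code.isascii() and code.isdigit()):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    pw_ok = hmac.compare_digest(candidate, PW_HASH)
    # Accept the current step and `skew` steps either side for clock drift.
    code_ok = any(
        hmac.compare_digest(code, totp(SECRET, now + d * STEP))
        for d in range(-skew, skew + 1)
    )
    return pw_ok and code_ok


def simulate(poll_interval: int, polls: int, start: int = 1111111109) -> list:
    """The client saves one string at setup and replays it on every reconnect."""
    stored = "hunter2" + totp(SECRET, start)
    return [verify_login(stored, start + i * poll_interval) for i in range(polls)]


if __name__ == "__main__":
    # First login succeeds; each later poll fails and forces a re-prompt.
    print(simulate(poll_interval=300, polls=4))
```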


