I've applied a purple-slack patch which allows me to sign in via credentials from active browser sessions, circumventing 2FA.