alatalo
Published in badrap.io
1 min read
May 7, 2018

Hi and thank you for letting us know!

Indeed, Signal has a Registration Pin Lock which works somewhat similarly to 2FA without periodically rotating the second factor. It’s a static pin code explained in detail here.

Registration Pin Lock helps to prevent someone from using a phone number that does not belong to them. If someone has access to your SIM card or is otherwise able to gain access to your phone number (see e.g. KrebsOnSecurity’s article), it’s possible that they are able to receive Signal’s confirmation SMS and activate the user account. However, if the account had been associated with an additional registration pin code, they wouldn’t be able to access the account (without knowing the pin).

WhatsApp has a similar Two-Step Verification feature.
