Do a factory reset of your router, create a new WiFi key, turn WPS off and back up your configuration. If your router settings still change, then you have malware on one or more devices.
Kali Linux is an ethical hacking tool designed for penetration testing; if they are using it maliciously then they are breaking the law and should be reported. You will need to set a very strong wifi password and change it regularly and perhaps change your SSID as well. A bit of a pain in the wotsit and you shouldn't have to do it, but you've already seen the consequences if you don't.
The only way I can think of that they can overcome 2 factor authentication is to clone your mobile phone. If this is for real (???) then you must be living near some very clever, resourceful people.