I am of the opinion that the two factor authentication ( 2fa ) system needs to be more robust. For example:
Two Factor Authentication needs its own menu link. It does not need to be under "General Settings" at the very bottom of the page.
Admin should have the ability to require two factor authentication with the following features:
Admin should be able to decide if users can disable / enable two factor authentication on their own. For example, an Admin may want "subscribers / ar members" to choose whether or not they want two factor authentication enabled. However, Admin may want two factor authentication mandated for "Editors" "Contributors" and other "Admin" users.