For obvious security reasons (e.g. on a large scale), I would say that the option to use 2FA is a requirement.
