To add to this, I manage my elderly parents accounts under a family plan. With Lastpass I was able to setup ONLY THEIR 2FA so that it was only required on FIRST login from a NEW device. This was specific to their users and all other users were required to re-enter 2FA every 30 days. This meant their account was protected by 2FA, but didn’t require them to re-enter it unless they change to a new device. Made things a lot more secure than having them get locked out of their password manager, and default to using terrible passwords from memory like “password123”.