Late to the party!
But 2FA is the best. I enable it everywhere - Everyone at work needs it to login to E-mails.
It only triggers if you log out - So people at work get hit by it once a month, during a forced log out.
one of our sales reps put her password into a phising site... which she uses for everything. They used that password to mass e-mail invoices to everyone of our customers (We're talking hundreds) Imagine the embarrassment having to contact them all and tell them not to pay. 2FA on everything that can use it!
Is it needed on a sign forum? Not really - but the more stuff that uses it, the better. 2FA should be the norm - It doesnt have to even be enabled every login, googles approach is nice where if you login from a different device / IP address, it'll trigger 2FA. but I'd still rather 2FA Be enabled and have to inconveniently type a 6 digit code in, than it not being an option at all.
I must have missed the mandatory time it was turned on... going to enable it at work tomorrow