The point is not whether 2FA is good or bad. The point is who benefits from the particular way BorgSoft have designed their policy and interface for use of 2FA.
From a code security POV, I could accept the limiting of privileges for an account not using 2FA, eg committing code to a repo. But preventing an account from logging in at all? Preventing editing wiki, filing issues, or even starring a project? This is overreach, in this case with an obvious DataFarming agenda.
(2/?)