If people want to use the service, they will figure it out. You can't create services with the dumbest user in mind. Sometimes a little nudging helps.

Besides you can always dynamically hide (or show) the 2fa option if the email or username doesn't have 2fa enabled.