I think best practice will be that you can login with single-factor and see basic stuff but if you want to do anything more critical like money related or changing email depending from context you are forced to use two-factor.

Also if it's at least approximately to password security this is very welcome options. Most services I use I just want access easily.