When you install the WP 2FA plugin on your WordPress site, by default all users with administrator role can access and change the 2FA settings, including the 2FA policies. On a multisite network, all the users with super admin capabilities can also change the 2FA settings.
However, you can restrict access to the two-factor authentication plugin settings and policies by simply enabling the setting Hide settings from other administrators. When you enable this setting, only your user will have access to the settings.
Last updated on May 30, 2022