Problem: Even though we know it's extremely important for administrators and editors with advanced permissions to keep their accounts secure, not everyone in the Mandatory use user groups and SSH key Wikitech users has enabled 2FA security on their account. If any of these accounts are compromised, it could cause widespread disruption and vandalism in Wikimedia/Wikipedia.
Proposed solution:
Implement T242031. Minimize, as much as possible, situations where people get locked out of their accounts.
Send them a private message and give them a month to familiarize themselves with 2FA.
Then add them to $wgOATHRequiredForGroups. Prevent them from using their rights until they enable 2FA.
If we can implement it smartly, then the Foundation won't need any paid staff to act as support representatives.
Who would benefit: It will minimize Wikimedia/Wikipedia's risk of being compromised.
More comments: This way, we can get one step closer to making this possible for all concerned editors. The security team and community tech team should work together on this community wish.