you need to read my message entirely, and in the context of enpass being an offline-first password manager.
for access to data online 2FA is totally useful and awesome, but if you have the data already like your enpass vault on your computer, TOTP and the likes cannot add to the encryption due to the dynamic nature of the codes.
you would need something like a smartcard with encryption keys for proper 2FA on offline data.
a code that is dependent on the time like on TOTP, or dependent on several factors on U2F cannot be used to add encryption since you cant get that same code/data later on to add that to decryption.
sorry for posting a link to my blog but I explained this in depth over there: https://blog.my1.dev/steganos-privacy-suite-19-is-a-joke
TOTP and many other dynamic code formats can literally only be used to allow or deny access to something, however when the data is already sitting there, just encrypted, there's nothing you can allow or deny, as you could just either hotwire the checks in RAM to skip that part or decrypt the wallet yourself outside the password manager