Why do we need Two Factor Authentication
Of course, if our passwords are only known by us and nobody else can use it, there is no problem. However, a lot of people with more or less malicious intentions also walk around on the internet. They try to get the available information so they can do their "job". If we only have a username and a password to enter the site, it is in a lot of cases not really hard to guess what it is, so they can enter your site just like you do - but in most of the cases with less noble intentions.
Username and password flaws
Because administrators need to remind their username and password to log in, they tend to take quite "simple" usernames and passwords. In most of the cases, they will also need to remember this kind of information for a couple of sites or even lots of sites, so they also tend to keep the same username and password for different sites.
A lot of these names and passwords are quite easy to guess, as the names for administrator are mostly taken from a list with names like
Also for passwords, there is a large list with easy guessable passwords:
Extra protection layer
By integrating a second layer of authentication, which is completely different from the other one (password, username), you can dramatically increase your level of protection. That's the whole philosophy behind the 2FA story, where the second method of authentication is completely different from the first one as it will force you to HAVE something (a physical device, a device which generates a temporary code so you need to have the device available, ...).
For sure for the more "powerful" accounts on your site, it is a very good idea to protect them with 2FA: all super users (administrators), all publishers and all editors are the target audience of this technique.