This is a simple 2-factor authentication plugin for WordPress that just works. It has the three options that I was looking for: Email, Time Based One-time Password (Google Authenticator), and Backup Verification Codes. It doesn't have advanced features such as mandating 2FA for specific user roles but it does cover the basics very well.
Installed on WP 6.3. Works fine.
I tried a few but they were too complex. This one makes it easy to secure a specific user (admin) and get a code via email which is what you need now hosting companies (Bluehost, GoDaddy) allow login to admin via their control panels with administrator passwords. (Talk about inbuilt security breaches)