After doing some research, and reading Google's info, I've decided to go woth what I have and say that 2FA is required. I will make a note that "less secure" may also work, but really it is indeed "less secure" and actually turning on 2FA is the right solution. I am sorry I didn't ask about 2FA before...

Here's what will be in the docs for the next release (added the orange highlighted text, the rest is unchanged):