Hacker News
by talon88 5055 days ago
I'd be quite willing to bet that the attack vector was a compromised password that was reused to access their admin panel.

Grounds for this claim?
I'm guessing there's no basis, besides that approach being what we heard about most recently with Dropbox.

It would be a little ironic if a company that's been strongly advocating the use of multi-factor authentication for many years now didn't enforce it for their own superusers. If that's not the case, then it's double ironic that those superusers are able to access the password digests in the database through that panel.